Manually updating Tomcat for SLM 1.0.0.5

  • 7007275
  • 30-Nov-2010
  • 26-Apr-2012

Environment

Sentinel Log Manager 1.0.0.5

Situation

Sentinel Log Manager 1.0.0.5 includes a version of Tomcat with a known security vulnerability, CVE-2010-2227. To keep our own SIEM solution compliant with security requirements, it is necessary to update to Tomcat version 6.0.29, which includes a fix for this vulnerability. Sentinel Log Manager 1.2 will include the fixed version of Tomcat.

Resolution

Below are the steps to update the Tomcat that ships with 1.0.0.5 to Tomcat version 6.0.29:

Step 1: Stop the SLM server
Step 2: Extract the downloaded apache-tomcat-6.0.29.tar.gz in {install_directory}/3rdparty/, which creates {install_directory}/3rdparty/apache-tomcat-6.0.29/
Step 3: Go to the {install_directory}/3rdparty/apache-tomcat-6.0.29/ directory
Step 4: (Optional) Delete the directories docs and examples from {install_directory}/3rdparty/apache-tomcat-6.0.29/webapps/
Step 5: Delete the directory logs from {install_directory}/3rdparty/apache-tomcat-6.0.29/
Step 6: Copy the following lines from {install_directory}/3rdparty/apache-tomcat-6.0.29/conf/server.xml to {install_directory}/3rdparty/tomcat/conf/server.xml at an appropriate matching location:
    <!-- Prevent memory leaks due to use of particular java/javax APIs-->
    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
Step 7: Copy the following lines from {install_directory}/3rdparty/tomcat/conf/web.xml to {install_directory}/3rdparty/apache-tomcat-6.0.29/conf/web.xml at an appropriate matching location:
    <!-- This security-constraint constraint forces HTTPS to be used, even if the user
    attempts to connect to HTTP. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Automatic SLL Forwarding</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
Step 8: Copy server.xml from the {install_directory}/3rdparty/tomcat/conf/ directory to the {install_directory}/3rdparty/apache-tomcat-6.0.29/conf/ directory, overwriting the existing file
Step 9: Copy WEB-INF, novellsiemdownloads, favicon.ico and index.html from the {install_directory}/3rdparty/tomcat/webapps/ROOT/ directory to the {install_directory}/3rdparty/apache-tomcat-6.0.29/webapps/ROOT/ directory, overwriting the existing ones
Step 10: Copy novelllogmanager and novelllogmanager.war from the {install_directory}/3rdparty/tomcat/webapps/ directory to the {install_directory}/3rdparty/apache-tomcat-6.0.29/webapps/ directory
Step 11: Change ownership and group of {install_directory}/3rdparty/apache-tomcat-6.0.29/ directory to novell:novell recursively
Step 12: Change permissions for {install_directory}/3rdparty/apache-tomcat-6.0.29/ directory to 700 recursively
Step 13: Rename {install_directory}/3rdparty/tomcat/ directory to {install_directory}/3rdparty/tomcat_old/
Step 14: Rename {install_directory}/3rdparty/apache-tomcat-6.0.29/ directory to {install_directory}/3rdparty/tomcat/
Step 15: Create symbolic link {install_directory}/3rdparty/tomcat/logs pointing to "{install_directory}/log/tomcat"
Step 16: Start the SLM server
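
The following shell function is an added example, not part of the original procedure or of the product's own tooling. It checks the outcome of steps 6 through 15 and is meant to be run after step 15 and before the server is started in step 16. The function name verify_tomcat_update and its optional owner and group arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original TID): checks the result of steps 6-15.
# Run it after step 15 and before step 16, while the new tree is still untouched.
# Usage: verify_tomcat_update INSTALL_DIR [OWNER] [GROUP]
# The function name is hypothetical; OWNER and GROUP default to novell (step 11).
verify_tomcat_update() {
    inst=$1; t=$inst/3rdparty/tomcat
    owner=${2:-novell}; group=${3:-novell}
    fails=0

    check() {                       # check "description" command [args...]
        desc=$1; shift
        if "$@" >/dev/null 2>&1; then echo "ok    $desc"
        else echo "FAIL  $desc"; fails=$((fails + 1)); fi
    }
    # Succeeds only if find prints nothing; a find error counts as a match.
    # Symlinks are skipped because step 15 creates the logs link after steps 11-12.
    no_match() { [ -z "$(find "$t" ! -type l "$@" 2>&1 | head -n 1)" ]; }
    logs_link_ok() { [ -L "$t/logs" ] && [ "$(readlink "$t/logs")" = "$inst/log/tomcat" ]; }

    check "step 6/8: JreMemoryLeakPreventionListener in server.xml" \
        grep -qF 'org.apache.catalina.core.JreMemoryLeakPreventionListener' "$t/conf/server.xml"
    check "step 7: CONFIDENTIAL transport guarantee in web.xml" \
        grep -qF '<transport-guarantee>CONFIDENTIAL</transport-guarantee>' "$t/conf/web.xml"
    check "step 9: ROOT/WEB-INF copied"          test -d "$t/webapps/ROOT/WEB-INF"
    check "step 10: novelllogmanager.war copied" test -e "$t/webapps/novelllogmanager.war"
    check "step 11: owner is $owner"             no_match ! -user "$owner"
    check "step 11: group is $group"             no_match ! -group "$group"
    check "step 12: mode 700 everywhere"         no_match ! -perm 700
    check "step 13: tomcat_old/ kept"            test -d "$inst/3rdparty/tomcat_old"
    check "step 15: logs -> $inst/log/tomcat"    logs_link_ok

    # Exit status 0 only when every check passed; the count stays in $fails.
    [ "$fails" -eq 0 ]
}
```

A FAIL on the step 7 check means the HTTPS-forcing security-constraint did not make it into the new web.xml, so the web interface would accept plain HTTP after the update.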

Bug Number

641237