KB Article #193860
SECURITY: Hardening SecureTransport ADMIND Apache Tomcat by making the webapps directory immutable
Overview
To improve the security posture of SecureTransport ADMIND Apache Tomcat, the webapps directory can be protected using operating system-level immutability. This control ensures that deployed applications cannot be modified, replaced, or deleted at runtime.
Purpose
The primary objective of this control is to maintain the integrity of deployed web applications by preventing unauthorized or accidental changes. This reduces the risk of:
- Deployment of malicious or unauthorized applications
- Modification of existing application files (e.g., JSP, WAR contents)
- Tampering following a server compromise or partial access breach
Scope
This applies to the ADMIN Tomcat installation directory, specifically ${FILEDRIVEHOME}/tomcat/admin/webapps.
Implementation (Linux)
Apply the immutable attribute recursively (requires root):
sudo chattr -R +i ${FILEDRIVEHOME}/tomcat/admin/webapps
Verify the attribute:
lsattr ${FILEDRIVEHOME}/tomcat/admin/webapps
Update/Rollback Procedure
Because immutability blocks all changes, the attribute must be temporarily removed before an update or rollback can be applied.
1. Remove immutability:
sudo chattr -R -i ${FILEDRIVEHOME}/tomcat/admin/webapps
2. Apply or remove the update
3. Re-apply immutability:
sudo chattr -R +i ${FILEDRIVEHOME}/tomcat/admin/webapps
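The verification step above shows only one level of the directory, while a partially applied or partially reverted chattr run leaves some entries mutable. The following check is an added example, not part of this KB article: it parses recursive lsattr output and lists every entry under webapps that lacks the immutable flag. The sample lsattr output and the /opt/st path are constructed for the self-test.

```shell
#!/bin/sh
# Added example (not from the KB article): report entries under the
# webapps directory that are missing the immutable ('i') attribute.
# Assumes the standard lsattr line format "<flags> <path>" and paths
# without embedded spaces.

# Reads lsattr -R output on stdin, prints each path whose attribute
# field has no 'i', and exits 1 if any such path was found.
find_mutable() {
    awk '
        # skip blank lines and the "dir:" header lines of lsattr -R
        NF < 2 || /:$/ { next }
        # $1 is the flag field, e.g. "----i---------e-------"
        index($1, "i") == 0 { print $2; bad = 1 }
        END { exit bad ? 1 : 0 }
    '
}

# Run the check against a live directory (defaults to the ADMIND webapps
# path from the article); needs a filesystem that supports chattr flags.
check_webapps() {
    dir="${1:-${FILEDRIVEHOME}/tomcat/admin/webapps}"
    lsattr -R "$dir" 2>/dev/null | find_mutable
}

# Constructed sample of lsattr -R output: one JSP was left mutable.
SAMPLE='/opt/st/tomcat/admin/webapps:
----i---------e------- /opt/st/tomcat/admin/webapps/ROOT
----i---------e------- /opt/st/tomcat/admin/webapps/admin.war

/opt/st/tomcat/admin/webapps/ROOT:
--------------e------- /opt/st/tomcat/admin/webapps/ROOT/index.jsp
----i---------e------- /opt/st/tomcat/admin/webapps/ROOT/WEB-INF'

# Self-test on the constructed sample; prints the mutable entry.
printf '%s\n' "$SAMPLE" | find_mutable
```

Run check_webapps after step 3 so a non-zero exit status can fail the update job before the service is returned to production.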
Operational Impact
- The ADMIND Tomcat folder can be safely set to an immutable state without impacting functionality.
- Any runtime modification to deployed applications is blocked
- Administrative access is required to modify deployed artifacts
Considerations
- Ensure deployment pipelines are adjusted to account for immutable directories
- Re-design Update/Rollback procedures accordingly
Summary
Enforcing immutability on the Tomcat webapps directory strengthens application integrity by ensuring deployed artifacts remain unchanged unless explicitly and intentionally updated through controlled administrative actions.