Disable Tomcat7 Manager

ryandlf · Jan 29, 2016 · Viewed 12.9k times

The web interface is at http://localhost:8080/manager/html. Is there a way to disable or completely remove it? I'm just asking so I don't mess up some settings by going in and deleting things willy-nilly.

The reason I want to get rid of it is because the server keeps getting blocked due to what I think is malicious scripts brute forcing the password. It locks down and secures itself, but I also am unaware this has happened until I check manually. I don't use the web manager, so I figure the best way to solve this is to just get rid of it completely. That said, if you have another suggestion I'd be open to that as well. I've tried setting up a RemoteAddrValve in manager.xml like below, but I'm still having the issue.

<!-- I changed the IP address for this example. -->
<Context path="/manager"
         docBase="/usr/share/tomcat7-admin/manager"
         antiResourceLocking="false" privileged="true">

    <!-- allow is a regular expression matched against the whole client address -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="0\.0\.0\.0" denyStatus="404" />
</Context>

Answer

lreeder · Jan 29, 2016

Per the Tomcat 7 documents:

"The Manager application is not accessible by default as no users are configured with the necessary access."

If you think there is a user enabled in the manager app, you can edit $CATALINA_BASE/conf/tomcat-users.xml. Just comment or remove any active roles or usernames in that file and restart the server to prevent access to the Manager app.

Another approach per OWASP (somewhat out of date) is to rename your manager app. This is a "security by obscurity" approach, but might work if some botnet just randomly targeted your server.

Finally, I tested removing the manager webapp on Tomcat7 and bouncing the server. The Tomcat example webapp ran fine after that, so I suspect you can remove the manager with no bad effects, as long as you don't depend on it to deploy webapps.

Also, the docBase used in your RemoteAddrValve looks strange. I would expect it to be /usr/share/tomcat7-admin/webapps/manager unless you've gone through the trouble to change the docBase for your whole server.
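As an added example (not part of the question or the answer above), the script below checks the two things this thread turns on: which users in tomcat-users.xml still hold a Manager role, and which client addresses a RemoteAddrValve with a given allow/deny pattern would actually admit. The role names (manager-gui, manager-script, manager-jmx, manager-status) are the Tomcat 7 Manager roles; the valve logic mirrors the decision order of Tomcat's RequestFilterValve, which RemoteAddrValve extends and which matches the regex against the entire remote address (deny is tested first, then allow, then the deny-only case). The tomcat-users.xml content and the probe addresses are constructed sample data, and the loopback pattern is an illustrative allow expression, not something taken from this page.

```python
import re
import xml.etree.ElementTree as ET

# Tomcat 7 roles that grant access to the Manager application.
MANAGER_ROLES = {"manager-gui", "manager-script", "manager-jmx", "manager-status"}

# Constructed sample tomcat-users.xml: one active user still holds a Manager role,
# one does not, and one Manager user has been commented out as the answer suggests.
SAMPLE_TOMCAT_USERS = """<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="app-user"/>
  <user username="admin" password="PLACEHOLDER_SECRET" roles="manager-gui,app-user"/>
  <user username="reporting" password="PLACEHOLDER_SECRET" roles="app-user"/>
  <!-- <user username="deploy" password="PLACEHOLDER_SECRET" roles="manager-script"/> -->
</tomcat-users>
"""

# Illustrative allow pattern restricting the Manager to loopback clients (IPv4 and IPv6).
LOOPBACK_ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"


def _local_name(tag):
    """Strip a namespace prefix such as {http://tomcat.apache.org/xml} if one is present."""
    return tag.rsplit("}", 1)[-1]


def manager_users(tomcat_users_xml):
    """Return {username: sorted manager roles} for every active <user> element.

    Commented-out <user> elements never reach the parser, which is exactly why
    commenting them out (and restarting Tomcat) removes Manager access.
    """
    root = ET.fromstring(tomcat_users_xml)
    found = {}
    for element in root.iter():
        if _local_name(element.tag) != "user":
            continue
        roles = {r.strip() for r in element.get("roles", "").split(",") if r.strip()}
        held = sorted(roles & MANAGER_ROLES)
        if held:
            found[element.get("username")] = held
    return found


def remote_addr_valve_allows(remote_addr, allow=None, deny=None):
    """Decide as RequestFilterValve does: both patterns must match the whole address."""
    if deny is not None and re.fullmatch(deny, remote_addr):
        return False
    if allow is not None and re.fullmatch(allow, remote_addr):
        return True
    if deny is not None and allow is None:
        # Only a deny list was configured and it did not match: let the request through.
        return True
    # Nothing matched and an allow list exists: reject (Tomcat sends denyStatus, 403 by default).
    return False


def audit(tomcat_users_xml, allow=None, deny=None, probe_addrs=()):
    """Combine both checks into one report a Tomcat administrator can read at a glance."""
    return {
        "manager_users": manager_users(tomcat_users_xml),
        "access": {addr: remote_addr_valve_allows(addr, allow, deny) for addr in probe_addrs},
    }


if __name__ == "__main__":
    # Constructed probe addresses: the questioner's literal allow value admits exactly one.
    report = audit(SAMPLE_TOMCAT_USERS, allow=r"0\.0\.0\.0",
                   probe_addrs=["0.0.0.0", "10.0.0.0", "203.0.113.9"])
    for user, roles in report["manager_users"].items():
        print(f"user {user!r} can reach the Manager via roles {roles}")
    for addr, allowed in report["access"].items():
        print(f"{addr:>12}: {'allowed' if allowed else 'denied'}")
```

Run against a real $CATALINA_BASE/conf/tomcat-users.xml, an empty manager_users result confirms the state the answer describes ("no users are configured with the necessary access"). The address checks show why a valve does not stop unauthenticated probing on its own: the valve decides per request, so a pattern that admits only one address still leaves the endpoint reachable enough for Tomcat's lockout messages to appear, which is a reason to prefer removing the webapp when it is not needed.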