Q1: Can Tomcat be configured to 'roll back' if a patch update causes a TC failure on a production server?
Q2: Can TC be configured to fail to a known safe state in the event of server failure during operation?
I am developing a Security Technical Implementation Guide (STIG) for Tomcat. A STIG is essentially a detailed checklist for hardening a given technology. DoD uses them to provide cyber defense. Finding configurable ways to satisfy the below 2 requirements is proving difficult.

Req 1: The web server must augment re-creation to a stable and known baseline.
Req 2: The web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

Req 1 is intended to provide a means to roll back to a last known stable environment in case a patch fails. Req 2 is intended to provide fail-safe environments in case something (perhaps an attacker) causes system failure.

Thanks, Ed
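Added example, not part of Ed's post and not something the Tomcat project ships: one configurable way to give a Tomcat instance a rollback path for patching (Req 1) and a defined safe state when it will not come up (Req 2). It assumes a release-directory layout under a hypothetical /opt/tomcat, a systemd unit named tomcat, and a health URL on port 8080; the restart, stop and health commands are variables so the functions can be exercised on a box with no Tomcat at all.

```shell
#!/bin/sh
# Added example, not from the original post: release-directory rollback for a Tomcat instance.
# Assumed layout (hypothetical paths; adjust to the real install):
#   $TC_ROOT/releases/<name>/   a complete CATALINA_HOME (bin, lib, conf, webapps) per release
#   $TC_ROOT/current            symlink to the live release; the service unit, CATALINA_HOME
#                               and CATALINA_BASE point at this path
# Logs, work and temp directories should live outside the release tree so a rollback does not
# discard the evidence of whatever broke the instance.

TC_ROOT="${TC_ROOT:-/opt/tomcat}"

# Name of the release 'current' points at.
current_release() {
    basename "$(readlink "$TC_ROOT/current")"
}

# Copy the live release to a timestamped directory before patching (the known baseline).
# Prints the snapshot name so the caller can record it.
snapshot_release() {
    snap="$(current_release)-backup-$(date +%Y%m%dT%H%M%S)"
    cp -a "$TC_ROOT/current/." "$TC_ROOT/releases/$snap" && echo "$snap"
}

# Repoint 'current' at a release. -n stops ln from descending into the existing link target.
switch_release() {
    rel="$1"
    [ -d "$TC_ROOT/releases/$rel" ] || return 1
    ln -sfn "$TC_ROOT/releases/$rel" "$TC_ROOT/current"
}

# Poll the instance until the health command succeeds or the budget runs out.
# HEALTH_CMD should hit something that exercises the application, not just the connector.
health_check() {
    i=0
    while [ "$i" -lt "${HEALTH_TRIES:-30}" ]; do
        if eval "${HEALTH_CMD:-curl -fsS -o /dev/null http://127.0.0.1:8080/}"; then
            return 0
        fi
        i=$((i + 1))
        sleep "${HEALTH_INTERVAL:-1}"
    done
    return 1
}

# Switch to release $1, restart, verify. Exit status:
#   0  live on the new release
#   1  new release failed, rolled back to the previous release, which is healthy
#   2  requested release does not exist (nothing changed)
#   3  neither release came up; instance stopped, which is the known safe state
apply_release() {
    new="$1"
    prev="$(current_release)"
    switch_release "$new" || return 2
    eval "${RESTART_CMD:-systemctl restart tomcat}"
    health_check && return 0

    switch_release "$prev"
    eval "${RESTART_CMD:-systemctl restart tomcat}"
    health_check && return 1

    eval "${STOP_CMD:-systemctl stop tomcat}"
    return 3
}
```

Usage on a real host would be `. ./tc-release.sh; snapshot_release; apply_release 9.0.x` after unpacking the patched distribution into releases/9.0.x and copying conf from the current release. The point for the STIG is that the pre-patch baseline always exists as a directory, the switch is a single symlink change, and the failure branch ends in "stopped" rather than "partially started"; `ln -sfn` is an unlink-and-relink on most platforms, so a reader who needs a strictly atomic switch should create a temporary link and rename it over `current` instead.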