Endpoint Protection

  • 1.  Server.XML -SHUTDOWN

    Posted Jun 23, 2010 01:45 AM
    I have limited knowledge of the "Shutdown" command string for Tomcat. My understanding is that anyone who contacts the server locally on port 8005 and sends it the word SHUTDOWN will cause Tomcat to shut down.

    Usually, once SEPM is installed, Server.XML shows something like the following:
    Server debug="0" port="8005" shutdown="F5F0C6F3C0A8051E00A92AAA61C599F0"

    In my case it is showing shutdown="SHUTDOWN". There is no issue running SEPM with this shutdown string in Server.xml, but my questions are:

    1. Is there any security hole if I leave it as shutdown="SHUTDOWN", and what is the impact on SEPM?

    2. How does it generate a shutdown string such as "F5F0C6F3C0A8051E00A92AAA61C599F0" (or any other)?

    Thank you.


  • 2.  RE: Server.XML -SHUTDOWN

    Posted Jun 23, 2010 03:42 AM
    You'll notice that your server.xml file is set up with a shutdown port of 8005, and shutdown="SHUTDOWN". What does this mean?

    It means that anyone who contacts the server locally on port 8005 and sends it the word SHUTDOWN can cause Tomcat to close out all its web applications and shut down cleanly. Yikes - is this a security hole or what? It could be. Fortunately, you'll notice that I said it's a LOCAL connection to the port that causes a shutdown, so if no-one can ssh or telnet in, nor log in from the keyboard unless they're an admin, it might not be a problem ....

    If your Tomcat server allows anyone except the administrator to log in with a shell, then I strongly suggest you change shutdown="SHUTDOWN" to shutdown="waSS-I41tis" so that at least it won't be a string that any hacker can guess. You might like to change the port number too. Alas, it would be unwise to disable the facility completely, since catalina.sh and shutdown.sh use the port (details read from the config file) as part of their processing. At least server.xml is neither group nor world readable.

    waSS-I41tis => "what a STUPID SYSTEM - I for one think it's silly"

    http://www.wellho.net/mouth/837_Tomcat-Shutdown-port.html

    Let me know if this was helpful.
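The checks discussed in this thread, as an added example that is not part of either post and is not SEPM's or Tomcat's own code: a Python script that audits the `<Server>` element of a server.xml for the weak default (`shutdown="SHUTDOWN"`, a short string, a disabled port, or a shutdown listener bound to a non-loopback address via Tomcat's documented `address` attribute), verifies on POSIX that the file is not group/world readable, and rewrites the file with a random 32-hex-character string of the same shape as the SEPM-generated value quoted above. How SEPM itself derives its value is not documented in the thread; using 16 random bytes from the OS CSPRNG is this example's assumption. The sample server.xml is constructed for the example.

```python
"""Audit and harden the Tomcat shutdown command in a server.xml (added example)."""
import os
import secrets
import stat
import xml.etree.ElementTree as ET

# Constructed sample mirroring the weak configuration described in the thread.
WEAK_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server debug="0" port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
  </Service>
</Server>
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_shutdown(server_xml: str) -> list[str]:
    """Return human-readable findings about the <Server> shutdown settings."""
    root = ET.fromstring(server_xml.encode("utf-8"))
    if root.tag != "Server":
        return ["root element is not <Server>; cannot evaluate shutdown settings"]

    findings = []
    port = root.get("port", "8005")            # Tomcat default shutdown port
    shutdown = root.get("shutdown", "SHUTDOWN")  # Tomcat default command string
    address = root.get("address", "localhost")   # Tomcat binds the listener to localhost unless told otherwise

    if port == "-1":
        findings.append("shutdown port disabled (port=-1); shutdown.sh / catalina.sh stop cannot use it")
    if shutdown.upper() == "SHUTDOWN":
        findings.append('shutdown string is the well-known default "SHUTDOWN"')
    elif len(shutdown) < 16:
        findings.append(f"shutdown string is only {len(shutdown)} chars; use a long random value")
    if address not in LOOPBACK:
        findings.append(f"shutdown listener bound to {address!r}; reachable from other hosts")
    return findings


def new_shutdown_string() -> str:
    """16 CSPRNG bytes as 32 upper-case hex chars (same shape as the value in the post; assumption)."""
    return secrets.token_hex(16).upper()


def harden(server_xml: str) -> tuple[str, str]:
    """Replace the shutdown string and pin the listener to loopback; return (new_xml, token)."""
    root = ET.fromstring(server_xml.encode("utf-8"))
    token = new_shutdown_string()
    root.set("shutdown", token)
    root.set("address", "localhost")
    return ET.tostring(root, encoding="unicode"), token


def file_is_private(path: str) -> bool:
    """True when the file has no group/other permission bits (POSIX only)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & 0o077) == 0


def harden_file(path: str) -> tuple[list[str], str]:
    """Audit, then rewrite server.xml in place with a fresh token and 0600 permissions."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    findings = audit_shutdown(original)
    if not file_is_private(path):
        findings.append("server.xml is group- or world-readable; the shutdown string is exposed")
    hardened, token = harden(original)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(hardened)
    os.chmod(path, 0o600)
    return findings, token


if __name__ == "__main__":
    for finding in audit_shutdown(WEAK_SERVER_XML):
        print("finding:", finding)
    new_xml, new_token = harden(WEAK_SERVER_XML)
    print("new shutdown string:", new_token)
    print(new_xml)
```

Record the generated token somewhere the administrator can read it; Tomcat's own shutdown script reads it back from server.xml, so nothing else needs to know it, and after the change a plain `SHUTDOWN` sent to port 8005 is simply ignored.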