SV-222935r615938_rule
V-222935
SRG-APP-000033-AS-000024
TCAT-AS-000100
CAT II
10
From the Tomcat server as a privileged user, edit the server.xml file.
sudo nano $CATALINA_BASE/conf/server.xml
Locate each <Connector/> element which is lacking a secure setting.
EXAMPLE Connector:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
Set or add scheme="https" and secure="true" for each HTTP connector element.
EXAMPLE:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true".../>
Save the server.xml file and restart Tomcat:
sudo systemctl restart tomcat
sudo systemctl daemon-reload
From the Tomcat server console, run the following command:
sudo cat $CATALINA_BASE/conf/server.xml
Examine each <Connector/> element.
For each connector, verify that the secure= flag is set to "true" and the scheme= flag is set to "https".
If the secure flag is not set to "true" and/or the scheme flag is not set to "https" for each HTTP connector element, this is a finding.
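The check above can be scripted. The following is an added example, not part of the STIG text: it parses server.xml and reports every <Connector/> whose secure or scheme attribute is missing or set to another value. The function name audit_connectors and the embedded sample file are assumptions made for illustration; the sample is constructed from the two example connectors on this page.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample built from the two example connectors on this page.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true" />
  </Service>
</Server>"""

# Attribute values the check requires on each connector.
REQUIRED = {"secure": "true", "scheme": "https"}

def audit_connectors(xml_text):
    """Return one finding per <Connector/> that fails the check (hypothetical helper)."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        failed = {}
        for attr, want in REQUIRED.items():
            got = conn.get(attr)  # None when the attribute is absent
            if got is None or got.strip().lower() != want:
                failed[attr] = got
        if failed:
            findings.append({"port": conn.get("port"),
                             "protocol": conn.get("protocol"),
                             "failed": failed})
    return findings

def main(argv):
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_SERVER_XML
    findings = audit_connectors(text)
    for f in findings:
        print(f"FINDING port={f['port']} protocol={f['protocol']} failed={f['failed']}")
    if not findings:
        print("No findings: every connector has secure=true and scheme=https")
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Pass the path to the server.xml under $CATALINA_BASE/conf as the first argument; the exit status is 1 when any connector is a finding, so the script can gate a compliance job.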