STIGQter: STIG Summary: Apache Tomcat Application Sever 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

$CATALINA_HOME/bin folder permissions must be set to 750.

DISA Rule

SV-222948r615938_rule

Vulnerability Number

V-222948

Group Title

SRG-APP-000121-AS-000081

Rule Version

TCAT-AS-000390

Severity

CAT II

CCI(s)

• CCI-001493 - The information system protects audit tools from unauthorized access.
• CCI-001494 - The information system protects audit tools from unauthorized modification.
• CCI-001495 - The information system protects audit tools from unauthorized deletion.
• CCI-002235 - The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

Weight

10

Fix Recommendation

Run the following command on the Tomcat server:

sudo find $CATALINA_HOME/bin -follow -maxdepth 0 -type d -print0 | sudo xargs chmod 750 $CATALINA_HOME/bin

Check Contents

Access the Tomcat server from the command line and execute the following OS command:

sudo find $CATALINA_HOME/bin -follow -maxdepth 0 -type d \( \! -perm 750 \) -ls

If no folders are displayed, this is not a finding.

If results indicate the $CATALINA_HOME/bin folder permissions are not set to 750, this is a finding.

Vulnerability Number

V-222948

Documentable

False

Rule Version

TCAT-AS-000390

Severity Override Guidance

Access the Tomcat server from the command line and execute the following OS command:

sudo find $CATALINA_HOME/bin -follow -maxdepth 0 -type d \( \! -perm 750 \) -ls

If no folders are displayed, this is not a finding.

If results indicate the $CATALINA_HOME/bin folder permissions are not set to 750, this is a finding.

Check Content Reference

M

Target Key

4094

Comments