STIGQter: STIG Summary: Apache Tomcat Application Server 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

Tomcat user UMASK must be set to 0027.

DISA Rule

SV-222949r615938_rule

Vulnerability Number

V-222949

Group Title

SRG-APP-000133-AS-000092

Rule Version

TCAT-AS-000450

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the Tomcat server as a privileged user:

Use a file editor like nano or vi and edit the /etc/systemd/system/tomcat.service file.

Change the "UMask=" setting to 0027.

UMask=0027

Save the file, reload the systemd configuration so the edited unit file is read, and restart Tomcat:
sudo systemctl daemon-reload
sudo systemctl restart tomcat

Check Contents

Reference the system documentation and make relevant changes to the following commands if the system differs:

From the Tomcat server command line run the following command:

sudo cat /etc/systemd/system/tomcat.service | grep -i umask

If the UMask setting is not 0027, this is a finding.
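
The check above as a script, added here as an example (it is not part of the STIG or of Tomcat): it reads the unit file at the path this page uses, skips commented-out lines that "grep -i umask" would still print, and evaluates the last UMask= assigned under [Service]. The function names, the constructed sample unit and the treatment of 027 as equal to 0027 are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the UMask= that a systemd unit file actually sets.
# Function names are hypothetical; the default path is the one on this page.

# Print the last UMask value assigned under [Service], ignoring comments.
effective_umask() {
    awk '
        /^[ \t]*[#;]/ { next }                      # systemd comment lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*UMask[ \t]*=/ {
            sub(/^[ \t]*UMask[ \t]*=[ \t]*/, "")    # drop key, "=" and padding
            sub(/[ \t\r]+$/, "")                    # drop trailing whitespace
            value = $0                              # later assignments win
        }
        END { print value }
    ' "$1"
}

# Return 0 when compliant, 1 when the check is a finding.
check_tomcat_umask() {
    unit="${1:-/etc/systemd/system/tomcat.service}"
    [ -r "$unit" ] || { echo "FINDING: cannot read $unit"; return 1; }
    value=$(effective_umask "$unit")
    case "$value" in
        0027|027) echo "OK: UMask=$value in $unit"; return 0 ;;  # assumption: same octal value
        "")       echo "FINDING: no UMask= set in [Service] of $unit"; return 1 ;;
        *)        echo "FINDING: UMask=$value in $unit (expected 0027)"; return 1 ;;
    esac
}

# Constructed sample unit: the commented-out 0027 would satisfy a casual read
# of the grep output, but the value in effect is 0022.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Unit]
Description=Apache Tomcat (constructed sample)

[Service]
#UMask=0027
UMask = 0022
EOF
check_tomcat_umask "$sample" || true
rm -f "$sample"
```

Drop-in files under tomcat.service.d/ are not read by this script; "systemctl show tomcat -p UMask" reports the value systemd has loaded.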

Documentable

False

Check Content Reference

M

Target Key

4094
