SV-222967r615938_rule
V-222967
SRG-APP-000176-AS-000125
TCAT-AS-000710
CAT II
10
Run the following commands on the Tomcat server:
sudo chmod 640 [keystorefile]
sudo chown root [keystorefile]
sudo chgrp tomcat [keystorefile]
Store the keystore file in a secured folder within the Tomcat folder path.
Identify the location of the .keystore file. Refer to system documentation or review the server.xml file for a specified .keystore file location.
From the Tomcat server console run the following command to check the server.xml file:
sudo grep -i keystorefile $CATALINA_BASE/conf/server.xml
Extract the location of the file from the output.
Example:
[keystorefile=/opt/tomcat/conf/<filename.jks>]
sudo ls -la [keystorefile location]
If the file permissions are not set to 640 USER:root GROUP:tomcat, this is a finding.
If the keystore file is not stored within the Tomcat folder path, i.e. [/opt/tomcat/], this is a finding.
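The check above as a script, added here as an example and not part of the STIG text. The function name check_keystore and the EXPECTED_* override variables are assumptions of this example, and it relies on GNU stat and readlink.

```shell
#!/bin/sh
# Added example: audit a Tomcat keystore file against the check text.
# EXPECTED_MODE / EXPECTED_OWNER / EXPECTED_GROUP default to the values the
# check names (640, root, tomcat). They are overridable only so the function
# can be exercised on a test box (an assumption of this example).

# check_keystore FILE TOMCAT_BASE
# Prints one line per finding; returns 0 when compliant, 1 otherwise.
check_keystore() {
    ks=$1
    base=$2
    want_mode=${EXPECTED_MODE:-640}
    want_owner=${EXPECTED_OWNER:-root}
    want_group=${EXPECTED_GROUP:-tomcat}
    rc=0

    if [ ! -f "$ks" ]; then
        echo "FINDING: $ks is not a regular file"
        return 1
    fi

    # Resolve symlinks and ".." first, so a path such as
    # /opt/tomcat/../tmp/x.jks is not accepted as inside the Tomcat tree.
    real_ks=$(readlink -f -- "$ks")
    real_base=$(readlink -f -- "$base")
    case "$real_ks" in
        "$real_base"/*) ;;
        *) echo "FINDING: $real_ks is outside $real_base"; rc=1 ;;
    esac

    # GNU stat: %a = octal mode, %U = owner name, %G = group name.
    set -- $(stat -c '%a %U %G' -- "$real_ks")
    [ "$1" = "$want_mode" ]  || { echo "FINDING: mode $1, expected $want_mode"; rc=1; }
    [ "$2" = "$want_owner" ] || { echo "FINDING: owner $2, expected $want_owner"; rc=1; }
    [ "$3" = "$want_group" ] || { echo "FINDING: group $3, expected $want_group"; rc=1; }
    return $rc
}
```

Call it with the path extracted from server.xml and the Tomcat folder path, for example check_keystore [keystorefile] /opt/tomcat; any FINDING line corresponds to a finding in the check text.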