STIGQter: STIG Summary: Apache Tomcat Application Server 9 Security Technical Implementation Guide, Version 2, Release 2, Benchmark Date: 22 Jan 2021

$CATALINA_BASE/conf/ folder must be owned by root, group tomcat.

DISA Rule

SV-222987r615938_rule

Vulnerability Number

V-222987

Group Title

SRG-APP-000380-AS-000088

Rule Version

TCAT-AS-001220

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If operational/application requirements specify different group file permissions, obtain ISSM risk acceptance and set permissions according to risk acceptance. Ownership must not be changed.

Run the following commands on the Tomcat server:

sudo find $CATALINA_BASE/conf -maxdepth 0 \( ! -user root \) | sudo xargs chown root

sudo find $CATALINA_BASE/conf -maxdepth 0 \( ! -group tomcat \) | sudo xargs chgrp tomcat

Check Contents

Access the Tomcat server from the command line and execute the following OS command:

sudo find $CATALINA_BASE/conf -follow -maxdepth 0 \( ! -user root -o ! -group tomcat \) -ls

If ISSM risk acceptance specifies deviation from requirement based on operational/application needs, this is not a finding if the group permissions are set in accordance with the risk acceptance. Ownership must not be changed.

If no folders are displayed, this is not a finding.

If results indicate the $CATALINA_BASE/conf folder ownership and group membership is not set to root:tomcat, this is a finding.
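A scripted form of the check above, added here as an example (it is not part of the STIG text or of STIGQter): it evaluates only the $CATALINA_BASE/conf directory itself, following a symlink as the find -follow form does, and reports finding / not a finding without changing ownership. An optional third argument takes an ISSM-accepted group so the documented deviation case can be evaluated too. It assumes a POSIX shell and that ls -ldL prints owner and group in the third and fourth columns.

```shell
#!/bin/sh
# Added example for TCAT-AS-001220 (not from the STIG): report whether a
# directory is owned by the expected user:group. Assumes ls -ldL output
# with owner in column 3 and group in column 4 (GNU and BSD ls both do).

# Print "owner:group" of DIR. -L reports the symlink target (like find
# -follow); -d keeps ls from listing the directory's contents.
conf_owner_group() {
    ls -ldL "$1" 2>/dev/null | awk '{ print $3 ":" $4 }'
}

# check_conf_ownership DIR [EXPECTED_USER] [EXPECTED_GROUP]
# Returns 0 (not a finding) when DIR is EXPECTED_USER:EXPECTED_GROUP,
# 1 (finding) otherwise. Defaults are root:tomcat as the STIG requires;
# a risk-accepted group may be passed, but the owner stays root.
check_conf_ownership() {
    dir=$1
    want_user=${2:-root}
    want_group=${3:-tomcat}
    if [ ! -d "$dir" ]; then
        printf 'FINDING: %s does not exist or is not a directory\n' "$dir"
        return 1
    fi
    have=$(conf_owner_group "$dir")
    if [ "$have" = "$want_user:$want_group" ]; then
        printf 'NOT A FINDING: %s is owned by %s\n' "$dir" "$have"
        return 0
    fi
    printf 'FINDING: %s is owned by %s, expected %s:%s\n' \
        "$dir" "$have" "$want_user" "$want_group"
    return 1
}

# Stand-alone use against the real Tomcat instance (CATALINA_BASE must be set):
# check_conf_ownership "${CATALINA_BASE:?set CATALINA_BASE}/conf"
```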

Vulnerability Number

V-222987

Documentable

False

Rule Version

TCAT-AS-001220

Check Content Reference

M

Target Key

4094

Comments