SV-222991r615938_rule
V-222991
SRG-APP-000380-AS-000088
TCAT-AS-001280
CAT II
10
If operational/application requirements specify different group file permissions, obtain ISSM risk acceptance and set permissions according to risk acceptance.
Run the following commands on the Tomcat server:
sudo find $CATALINA_BASE/work -maxdepth 0 \( ! -user tomcat \) | sudo xargs chown tomcat
sudo find $CATALINA_BASE/work -maxdepth 0 \( ! -group tomcat \) | sudo xargs chgrp tomcat
Access the Tomcat server from the command line and execute the following OS command:
sudo find $CATALINA_BASE/work -follow -maxdepth 0 \( ! -user tomcat -o ! -group tomcat \) -ls
If ISSM risk acceptance specifies deviation from requirement based on operational/application needs, this is not a finding if the permissions are set in accordance with the risk acceptance.
If no folders are displayed, this is not a finding.
If results indicate the $CATALINA_BASE/work folder ownership and group membership are not set to tomcat:tomcat, this is a finding.