STIGQter: STIG Summary: Apache Tomcat Application Server 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

The application server, when categorized as a high availability system within RMF, must be in a high-availability (HA) cluster.

DISA Rule

SV-222995r615938_rule

Vulnerability Number

V-222995

Group Title

SRG-APP-000435-AS-000069

Rule Version

TCAT-AS-001460

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the Tomcat server as a privileged user, modify the $CATALINA_BASE/conf/server.xml file.

Uncomment the <Cluster/> element and configure the system into a cluster as per the Tomcat clustering documentation provided at the Tomcat website.

https://tomcat.apache.org/tomcat-9.0-doc/config/cluster.html

Check Contents

This requirement only applies to a system that is categorized as high within the Risk Management Framework (RMF).

Review the System Security Plan (SSP) or other system documentation that specifies the operational uptime requirements and RMF system categorization.

If the system is categorized as high, from the Tomcat server as a privileged user, run the following command:

sudo grep -i -A10 -B2 "Cluster" $CATALINA_BASE/conf/server.xml

If the <Cluster/> element is commented out, or no results are returned, then the system is not clustered and this is a finding.
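The grep above prints matching lines whether or not they sit inside an XML comment, so the reviewer has to decide by eye whether the element is active. The following added example (not part of the STIG or of this page) strips XML comments first and then tests for an active element; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: comment-aware version of the <Cluster/> check.

# Print FILE with every XML comment (single- or multi-line) removed.
strip_xml_comments() {
    awk '
    { buf = buf $0 "\n" }
    END {
        while ((s = index(buf, "<!--")) > 0) {
            rest = substr(buf, s + 4)
            e = index(rest, "-->")
            if (e == 0) { buf = substr(buf, 1, s - 1); break }  # unterminated comment
            buf = substr(buf, 1, s - 1) substr(rest, e + 3)
        }
        printf "%s", buf
    }' "$1"
}

# Exit 0 only if an active (uncommented) <Cluster ...> element exists.
# The pattern does not match other names that merely start with "Cluster".
cluster_enabled() {
    strip_xml_comments "$1" | grep -Eq '<Cluster([[:space:]/>]|$)'
}

# Map the result onto the STIG outcome for a system categorized as high.
stig_status() {
    if cluster_enabled "$1"; then echo "NOT_A_FINDING"; else echo "FINDING"; fi
}

# Constructed sample files (not from a real system) exercising the three cases.
demo() {
    d=$(mktemp -d)
    cls='className="org.apache.catalina.ha.tcp.SimpleTcpCluster"'
    printf '%s\n' '<Engine>' '<!--' "<Cluster $cls/>" '-->' '</Engine>' > "$d/commented.xml"
    printf '%s\n' '<Engine>' '<!-- Cluster notes -->' "<Cluster $cls/>" '</Engine>' > "$d/active.xml"
    printf '%s\n' '<Engine>' '<Host name="localhost"/>' '</Engine>' > "$d/absent.xml"
    for f in commented active absent; do
        echo "$f.xml: $(stig_status "$d/$f.xml")"
    done
    rm -rf "$d"
}
demo
```

On a real host, call stig_status "$CATALINA_BASE/conf/server.xml" as a user who can read the file. An active element only shows that clustering is configured; membership and replication settings still have to be reviewed against the Tomcat clustering documentation.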

Vulnerability Number

V-222995

Documentable

False

Rule Version

TCAT-AS-001460

Severity Override Guidance

This requirement only applies to a system that is categorized as high within the Risk Management Framework (RMF).

Review the System Security Plan (SSP) or other system documentation that specifies the operational uptime requirements and RMF system categorization.

If the system is categorized as high, from the Tomcat server as a privileged user, run the following command:

sudo grep -i -A10 -B2 "Cluster" $CATALINA_BASE/conf/server.xml

If the <Cluster/> element is commented out, or no results are returned, then the system is not clustered and this is a finding.

Check Content Reference

M

Target Key

4094
