STIGQter: STIG Summary: Apache Tomcat Application Sever 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Changes to $CATALINA_HOME/lib/ folder must be logged.

DISA Rule

SV-223000r615938_rule

Vulnerability Number

V-223000

Group Title

SRG-APP-000504-AS-000229

Rule Version

TCAT-AS-001592

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

From the Tomcat server as a privileged user, use the auditctl command.

sudo auditctl -w $CATALINA_HOME/lib -p wa -k tomcat

Validate the audit watch was created.
sudo auditctl -l

The user should see:
-w $CATALINA_HOME/ -p wa -k tomcat

Check Contents

Run the following commands From the Tomcat server as a privileged user:

Identify the home folder for the Tomcat server.

sudo grep -i -- 'catalina_home\|catalina_base' /etc/systemd/system/tomcat.service

Check the audit rules for the Tomcat folders

sudo auditctl -l $CATALINA_HOME/bin |grep -i lib

If the results do not include -w $CATALINA_HOME/lib -p wa -k tomcat, or if there are no results, this is a finding.

Vulnerability Number

V-223000

Documentable

False

Rule Version

TCAT-AS-001592

Severity Override Guidance

Run the following commands From the Tomcat server as a privileged user:

Identify the home folder for the Tomcat server.

sudo grep -i -- 'catalina_home\|catalina_base' /etc/systemd/system/tomcat.service

Check the audit rules for the Tomcat folders

sudo auditctl -l $CATALINA_HOME/bin |grep -i lib

If the results do not include -w $CATALINA_HOME/lib -p wa -k tomcat, or if there are no results, this is a finding.

Check Content Reference

M

Target Key

4094

Comments