Check: TCAT-AS-001600
Apache Tomcat 9 STIG:
TCAT-AS-001600
(in version v1 r0.1)
Title
AccessLogValve must be configured per each virtual host. (Cat II impact)
Discussion
Tomcat can host multiple virtual hosts on one physical server: each <Host> element is a container that maps a domain name to its own set of deployed applications. This allows the administrator to separate hosted applications according to the domain under which each application is made available. Configuring an access log on a per-host basis produces log files that correlate directly with each virtual host's activity.
Check Content
As an elevated user on the Tomcat server: Edit the $CATALINA_HOME/conf/server.xml file. Review all <Host> elements. If a <Valve className="org.apache.catalina.valves.AccessLogValve" .../> element is not defined as a direct child of each <Host> element, this is a finding.

EXAMPLE:

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
  ...
  <Valve className="org.apache.catalina.valves.AccessLogValve"
         directory="logs" prefix="localhost_access_log" suffix=".txt"
         pattern="%h %l %t %u &quot;%r&quot; %s %b" />
  ...
</Host>

Note that the quotes around %r in the pattern must be written as &quot; inside the attribute value; a literal " there is not well-formed XML.
Fix Text
As a privileged user on the Tomcat server: Edit the $CATALINA_HOME/conf/server.xml file. Inside each <Host> element, create a <Valve> element whose className is org.apache.catalina.valves.AccessLogValve, using a distinct prefix per host so each virtual host writes its own log file.

EXAMPLE:

<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
  ...
  <Valve className="org.apache.catalina.valves.AccessLogValve"
         directory="logs" prefix="localhost_access_log" suffix=".txt"
         pattern="%h %l %t %u &quot;%r&quot; %s %b" />
  ...
</Host>

Restart the Tomcat server (daemon-reload is only required if the systemd unit file itself was changed, and must run before the restart):

sudo systemctl daemon-reload
sudo systemctl restart tomcat
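The following Python script is an added example, not part of the STIG or of Tomcat, that automates both the check and the fix above: it parses server.xml, reports every <Host> that lacks an AccessLogValve as a direct child, and builds the prescribed <Valve> (with a per-host log prefix) for each one. The sample server.xml, the script name tcat_as_001600.py and the host name intranet.example.test are constructed for the example; the pattern uses Tomcat's default Common Log Format field order.

```python
"""Audit and remediate server.xml for TCAT-AS-001600 (added example, not STIG code).

Every <Host> in server.xml must carry its own
org.apache.catalina.valves.AccessLogValve as a direct child.
"""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path
from typing import List

ACCESS_LOG_VALVE = "org.apache.catalina.valves.AccessLogValve"

# Constructed sample server.xml (not from a real deployment): two virtual hosts,
# only "localhost" has an access log, so the second host is a finding.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
      <Host name="intranet.example.test" appBase="intranet" unpackWARs="true" autoDeploy="false">
        <Context path="" docBase="portal" />
      </Host>
    </Engine>
  </Service>
</Server>
"""


def has_access_log_valve(host: ET.Element) -> bool:
    """True if the <Host> has an AccessLogValve as a direct child.

    findall("Valve") deliberately looks only one level down: a Valve inside a
    <Context> logs that one application only, and a Valve on the <Engine> is
    not "defined for each <Host>" as the check content requires.
    """
    return any(v.get("className") == ACCESS_LOG_VALVE for v in host.findall("Valve"))


def hosts_without_access_log(server_xml: str) -> List[str]:
    """Return the name of every <Host> lacking an AccessLogValve (the findings)."""
    root = ET.fromstring(server_xml)
    return [host.get("name", "<unnamed>") for host in root.iter("Host")
            if not has_access_log_valve(host)]


def access_log_valve_for(host_name: str) -> ET.Element:
    """Build the <Valve> the Fix Text prescribes, with a per-host log prefix.

    ElementTree serialises the quotes around %r as &quot;, which is the form
    server.xml needs inside an attribute value.
    """
    return ET.Element("Valve", {
        "className": ACCESS_LOG_VALVE,
        "directory": "logs",
        "prefix": f"{host_name}_access_log",
        "suffix": ".txt",
        "pattern": '%h %l %u %t "%r" %s %b',
    })


def add_missing_access_log_valves(server_xml: str) -> str:
    """Return server.xml with an AccessLogValve appended to every non-compliant <Host>.

    ElementTree drops XML comments and original whitespace, so use the result as
    a reference for a hand edit of the real file, not as a drop-in replacement.
    """
    root = ET.fromstring(server_xml)
    for host in root.iter("Host"):
        if not has_access_log_valve(host):
            host.append(access_log_valve_for(host.get("name", "host")))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Usage: python tcat_as_001600.py [$CATALINA_HOME/conf/server.xml]
    xml_text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    findings = hosts_without_access_log(xml_text)
    if findings:
        print("FINDING: <Host> elements without an AccessLogValve:", ", ".join(findings))
        for name in findings:
            print("  add to <Host name=%r>: %s" % (name, ET.tostring(access_log_valve_for(name), encoding="unicode")))
        sys.exit(1)
    print("Compliant: every <Host> has an AccessLogValve.")
```

Run it against the live file with `python tcat_as_001600.py $CATALINA_HOME/conf/server.xml` as a user that can read it; a non-zero exit means at least one finding. The script counts only valves that are direct children of a <Host>: an AccessLogValve on the <Engine> writes all hosts to one file and does not meet the per-host requirement as written, and one inside a <Context> covers that application only. Apply the generated <Valve> to the real server.xml by hand, since the rewritten output loses comments and formatting, then restart Tomcat as the Fix Text describes.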
Additional Identifiers
Rule ID: TCAT-AS-001600_rule
Vulnerability ID: TCAT-AS-001600
Group Title: SRG-APP-000505-AS-000230
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000172 | The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3. |
Controls
Number | Title |
---|---|
AU-12 | Audit Generation |