Check: TCAT-AS-000140
Apache Tomcat 9 STIG:
TCAT-AS-000140
(in version v1 r0.1)
Title
AccessLogValve must be configured for each application context. (Cat III impact)
Discussion
Tomcat has the ability to host multiple contexts (applications) on one physical server by using the element. This allows the admin to specify audit log settings on a per application basis. false
Check Content
As an elevated user on the Tomcat server: Edit the $CATALINA_HOME\conf\server.xml file. Review for all <Host> elements. If a <Valve className="org.apache.catalina.valves.AccessLogValve" .../> element is not defined for each <Host> element, this is a finding. EXAMPLE: <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... </Host>
Fix Text
As a privileged user on the Tomcat server: Edit the $CATALINA_HOME\conf\server.xml file. Create a <Valve> element that is nested beneath the <Host> element containing an AccessLogValve. EXAMPLE: <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... </Host> Restart the Tomcat server: sudo systemctl restart tomcat sudo systemctl daemon-reload
Additional Identifiers
Rule ID: TCAT-AS-000140_rule
Vulnerability ID: TCAT-AS-000140
Group Title: SRG-APP-000080-AS-000045
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000166 |
The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. |
Controls
Number | Title |
---|---|
AU-10 |
Non-Repudiation |