STIGQter: STIG Summary: Apache Tomcat Application Server 9 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

Keystore file must be protected.

DISA Rule

SV-222967r615938_rule

Vulnerability Number

V-222967

Group Title

SRG-APP-000176-AS-000125

Rule Version

TCAT-AS-000710

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the following commands on the Tomcat server:

sudo chmod 640 [keystorefile]
sudo chown root [keystorefile]
sudo chgrp tomcat [keystorefile]

Store the keystore file in a secured folder within the Tomcat folder path.

Check Contents

Identify the location of the .keystore file. Refer to system documentation or review the server.xml file for a specified .keystore file location.

From the Tomcat server console run the following command to check the server.xml file:

sudo grep -i keystorefile $CATALINA_BASE/conf/server.xml

Extract the location of the file from the output.

Example:
[keystorefile=/opt/tomcat/conf/<filename.jks>]

sudo ls -la [keystorefile location]

If the file permissions are not set to 640 USER:root GROUP:tomcat, this is a finding.

If the keystore file is not stored within the tomcat folder path, i.e. [/opt/tomcat/], this is a finding.
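
The manual check above can be scripted. The following is an added example, not part of the STIG text: the function names are hypothetical, it assumes GNU stat and readlink -f (Linux), and it resolves relative keystore paths against CATALINA_BASE, as Tomcat does.

```sh
#!/bin/sh
# Added example, not STIG text. Assumes GNU stat and readlink -f (Linux).

# Print each keystoreFile / certificateKeystoreFile value in a server.xml.
keystore_paths() {
    grep -oiE 'keystorefile[[:space:]]*=[[:space:]]*"[^"]+"' "$1" | cut -d'"' -f2
}

# check_keystore FILE BASE [OWNER] [GROUP]
# Prints one line per finding; returns 0 when compliant, 1 otherwise.
check_keystore() {
    ck_file=$1; ck_base=$2; ck_owner=${3:-root}; ck_group=${4:-tomcat}; ck_rc=0
    # Tomcat resolves a relative keystore path against CATALINA_BASE.
    case $ck_file in /*) ;; *) ck_file=$ck_base/$ck_file ;; esac
    if [ ! -f "$ck_file" ]; then
        echo "FINDING: $ck_file is missing or not a regular file"
        return 1
    fi
    # Canonicalize both paths so a symlink or ".." cannot fake containment.
    ck_real=$(readlink -f "$ck_file"); ck_rbase=$(readlink -f "$ck_base")
    case $ck_real in
        "$ck_rbase"/*) ;;
        *) echo "FINDING: $ck_real is outside $ck_rbase"; ck_rc=1 ;;
    esac
    ck_mode=$(stat -c %a "$ck_real"); ck_ug=$(stat -c %U:%G "$ck_real")
    if [ "$ck_mode" != 640 ]; then
        echo "FINDING: $ck_real mode is $ck_mode, expected 640"; ck_rc=1
    fi
    if [ "$ck_ug" != "$ck_owner:$ck_group" ]; then
        echo "FINDING: $ck_real is $ck_ug, expected $ck_owner:$ck_group"; ck_rc=1
    fi
    return $ck_rc
}

# audit_server_xml BASE [OWNER] [GROUP]: check every keystore the config names.
# Usage on a server: audit_server_xml "$CATALINA_BASE"
audit_server_xml() {
    as_rc=0
    while IFS= read -r as_path; do
        [ -n "$as_path" ] || continue
        check_keystore "$as_path" "$@" || as_rc=1
    done <<EOF
$(keystore_paths "$1/conf/server.xml")
EOF
    return $as_rc
}
```

Like the grep command in the check, the pattern also matches keystore attributes inside commented-out connectors, so a reported missing file may refer to a connector that is not active.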

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4094
