STIGQter: STIG Summary: Apache Tomcat Application Server 9 Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

$CATALINA_HOME folder must be owned by the root user, group tomcat.

DISA Rule

SV-222986r615938_rule

Vulnerability Number

V-222986

Group Title

SRG-APP-000380-AS-000088

Rule Version

TCAT-AS-001200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the following commands on the Tomcat server:

sudo find "$CATALINA_HOME" -maxdepth 0 \( ! -user root \) | sudo xargs chown root

sudo find "$CATALINA_HOME" -maxdepth 0 \( ! -group tomcat \) | sudo xargs chgrp tomcat

Check Contents

Access the Tomcat server from the command line and execute the following OS command:

sudo find "$CATALINA_HOME" -follow -maxdepth 0 \( ! -user root -o ! -group tomcat \) -ls

If no folders are displayed, this is not a finding.

If the results indicate that the $CATALINA_HOME folder's ownership and group membership are not set to root:tomcat, this is a finding.
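The check above reports "not a finding" whenever find prints nothing, which also happens when $CATALINA_HOME is unset or points at a missing path. The following audit helper is an added example, not part of the STIG text; the function name check_home_ownership and its return codes (0, 1, 2) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the STIG): scripted form of the TCAT-AS-001200 check.
# check_home_ownership DIR [OWNER] [GROUP]   (names or numeric IDs)
#   returns 0 = not a finding, 1 = finding, 2 = check could not be evaluated
# Typical call on a Tomcat host (run as root or via sudo):
#   check_home_ownership "$CATALINA_HOME"
check_home_ownership() {
    cho_dir=$1
    cho_user=${2:-root}      # expected owner per the rule
    cho_group=${3:-tomcat}   # expected group per the rule

    # With an empty variable, GNU find falls back to "." and would silently
    # audit the current directory; a missing path prints nothing on stdout.
    # Both cases would look like a clean result, so reject them explicitly.
    if [ -z "$cho_dir" ] || [ ! -d "$cho_dir" ]; then
        echo "ERROR: '$cho_dir' is not a directory; cannot evaluate" >&2
        return 2
    fi

    # Same predicate as the STIG check. -L dereferences symlinks like the
    # page's -follow, and placing it first avoids option-order warnings.
    if ! cho_hits=$(find -L "$cho_dir" -maxdepth 0 \
            \( ! -user "$cho_user" -o ! -group "$cho_group" \) -print 2>/dev/null)
    then
        # find fails if, for example, the expected group does not exist.
        echo "ERROR: find failed; do '$cho_user' and '$cho_group' exist?" >&2
        return 2
    fi

    if [ -n "$cho_hits" ]; then
        echo "FINDING: $cho_dir is not owned by $cho_user:$cho_group"
        ls -ldL "$cho_dir"
        return 1
    fi

    echo "NOT A FINDING: $cho_dir is owned by $cho_user:$cho_group"
    return 0
}
```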

Documentable

False

Severity Override Guidance

Access the Tomcat server from the command line and execute the following OS command:

sudo find "$CATALINA_HOME" -follow -maxdepth 0 \( ! -user root -o ! -group tomcat \) -ls

If no folders are displayed, this is not a finding.

If the results indicate that the $CATALINA_HOME folder's ownership and group membership are not set to root:tomcat, this is a finding.

Check Content Reference

M

Target Key

4094
