STIGQter STIGQter: STIG Summary: ISEC7 Sphere Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

A manager role must be assigned to the Apache Tomcat Web apps (Manager, Host-Manager).

DISA Rule

SV-224791r505933_rule

Vulnerability Number

V-224791

Group Title

SRG-APP-000090

Rule Version

ISEC-06-551400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To add a manager role to the Apache Tomcat Web apps (Manager, Host-Manager), run the ISEC7 integrated installer or use the following manual procedure:

By default there are no users with the manager role assigned. To make use of the manager webapp you need to add a new role and user into the <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\tomcat-users.xml file.

Login to the ISEC7 EMM Suite server.
Navigate to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\
Add a user with the manager role to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\tomcat-users.xml

example: <user username="admin" roles="manager-gui,manager-script" ..../>

Save the file.

Check Contents

Verify a manager role has been assigned to the Apache Tomcat Web apps (Manager, Host-Manager).

Login to the ISEC7 EMM Suite server.
Navigate to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\
Confirm a user with the manager role to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\tomcat-users.xml exists.

example: <user username="admin" roles="manager-gui,manager-script" ..../>

If a manager role has not been assigned to the Apache Tomcat Web apps, this is a finding.

Vulnerability Number

V-224791

Documentable

False

Rule Version

ISEC-06-551400

Severity Override Guidance

Verify a manager role has been assigned to the Apache Tomcat Web apps (Manager, Host-Manager).

Login to the ISEC7 EMM Suite server.
Navigate to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\
Confirm a user with the manager role to <Drive>:\Program Files\ISEC7 EMM Suite\Tomcat\conf\tomcat-users.xml exists.

example: <user username="admin" roles="manager-gui,manager-script" ..../>

If a manager role has not been assigned to the Apache Tomcat Web apps, this is a finding.

Check Content Reference

M

Target Key

4200

Comments