Ensure directory in context.xml is a secure location – permissions

Details

The directory attribute tells Tomcat where to store logs. It is recommended that the location referenced by the directory attribute be secured.

Rationale:

Securing the log location will help ensure the integrity and confidentiality of web application activity.

Solution

Perform the following:

Add the following statement into the $CATALINA_BASE/webapps//META-INF/context.xml file if it does not already exist.

<Valve className="org.apache.catalina.valves.AccessLogValve"
directory='$CATALINA_HOME/logs/'
prefix='access_log' fileDateFormat='yyyy-MM-dd.HH' suffix='.log' pattern='%h %t %H cookie:%{SESSIONID}c request:%{SESSIONID}r %m %U %s %q %r'
/>

Set the location pointed to by the directory attribute to be owned by tomcat_admin:tomcat with permissions of o-rwx.

# chown tomcat_admin:tomcat $CATALINA_HOME/logs
# chmod o-rwx $CATALINA_HOME/logs
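
An audit check for this control, as an added example that is not part of the benchmark text: it reads the directory attribute from a context.xml and verifies the owner, the group and that "other" has no access. The function names valve_log_dir and check_log_dir are hypothetical; the expected tomcat_admin:tomcat ownership comes from the remediation above.

```shell
#!/bin/sh
# Added audit example, not part of the benchmark text.
# Assumption: the directory attribute is quoted with ' or " in the file given.

# Print the directory attribute found in a context.xml (the last one if the
# file has several), replacing a literal $CATALINA_HOME with the environment value.
valve_log_dir() {
    dir=$(tr '\n' ' ' < "$1" |
        sed -n "s/.*[[:space:]]directory=[\"']\([^\"']*\)[\"'].*/\1/p")
    case $dir in
        '$CATALINA_HOME'*) dir=${CATALINA_HOME}${dir#'$CATALINA_HOME'} ;;
    esac
    printf '%s\n' "$dir"
}

# Return 0 when the directory is owned by owner:group and "other" has no
# read, write or execute permission; print one line per finding.
check_log_dir() {
    dir=$1 want_owner=$2 want_group=$3 rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # -L follows a symlinked log directory so the real target is checked.
    read -r mode owner group <<EOF
$(ls -ldL "$dir" | awk '{print $1, $3, $4}')
EOF
    [ "$owner:$group" = "$want_owner:$want_group" ] ||
        { echo "FAIL $dir: owner $owner:$group, want $want_owner:$want_group"; rc=1; }
    case $(printf '%s' "$mode" | cut -c8-10) in
        --[-T]) ;;   # nothing for other; T is the sticky bit without execute
        *) echo "FAIL $dir: mode $mode grants access to other"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "PASS $dir"
    return "$rc"
}

# Usage: sh audit.sh /path/to/META-INF/context.xml
if [ -n "${1:-}" ]; then
    check_log_dir "$(valve_log_dir "$1")" tomcat_admin tomcat
fi
```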

Default Value:

Does not exist by default

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.

Updated on July 16, 2022