Details
The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted access.
Rationale:
Securing the log location will help ensure the integrity and confidentiality of web application activity records.
Solution
Perform the following:
Add the following properties into your logging.properties file if they do not exist
Set the location pointed to by the directory attribute to be owned by tomcat_admin:tomcat with permissions of o-rwx.
# chown tomcat_admin:tomcat
# chmod o-rwx
Default Value:
The directory location is configured to store logs in $CATALINA_BASE/logs.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.