Details
The Tomcat $CATALINA_HOME/conf/ directory contains Tomcat configuration files. It is recommended that the ownership of this directory be tomcat_admin:tomcat. It is also recommended that the permissions on this directory prevent read, write, and execute for the world (o-rwx) and prevent write access to the group (g-w).
Solution
Perform the following to restrict access to Tomcat configuration files:
1. Set the ownership of the $CATALINA_HOME/conf to tomcat_admin:tomcat.
2. Remove read, write, and execute permissions for the world
3. Remove write permissions for the group.
# chown tomcat_admin:tomcat $CATALINA_HOME/conf
# chmod g-w,o-rwx $CATALINA_HOME/conf
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.