Details

Tomcat has the ability to host multiple contexts (applications) on one physical server by using the attribute. This allows the admin to specify audit log settings on a per application basis.

Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062

Solution

As a privileged user on the Tomcat server:

Edit the $CATALINA_BASE/conf/server.xml file.

Create a element that is nested within the element containing an AccessLogValve.

EXAMPLE:

…
prefix=’application_name_log’ suffix=’.txt’
pattern=’%h %l %t %u "%r" %s %b’ />
…
/>

Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Tomcat_Application_Server_9_V2R3_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AC-17(1)
• 800-53|AU-3
• 800-53|AU-10
• 800-53|AU-12a.
• 800-53|AU-12c.
• CAT|II
• CCI|CCI-000067
• CCI|CCI-000130
• CCI|CCI-000133
• CCI|CCI-000134
• CCI|CCI-000166
• CCI|CCI-000169
• CCI|CCI-000172
• Rule-ID|SV-222930r615938_rule
• STIG-ID|TCAT-AS-000050
• STIG-Legacy|SV-111379
• STIG-Legacy|V-102435
• Vuln-ID|V-222930

Source

• Tenable.com/audits