Ensure directory in logging.properties is a secure location – check log directory location
Details: The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted...

Ensure directory in logging.properties is a secure location – check prefix application name
Details: The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted...

Ensure pattern in context.xml is correct
Details: The pattern setting informs Tomcat what information should be logged per application. At a minimum, enough information to uniquely...

Ensure scheme is set accurately
Details: The scheme attribute is used to indicate to callers of request.getScheme() which scheme is in use by the Connector....

Ensure secure is set to true only for SSL-enabled Connectors – verify secure is set to true
Details: The secure attribute is used to convey Connector security status to applications operating over the Connector. This is typically...

Ensure SSLEnabled is set to True for Sensitive Connectors – verify SSLEnabled is set to true
Details: The SSLEnabled setting determines if SSL is enabled for a specific Connector. It is recommended that SSL be utilized...

Ensure SSL Protocol is set to TLS for Secure Connectors – verify sslProtocol is set to TLS
Details: The sslProtocol setting determines which protocol Tomcat will use to protect traffic. It is recommended that sslProtocol attribute be...

Ensure Web content directory is on a separate partition from the Tomcat system files – verify Web content directory
Details: Store web content on a separate partition from Tomcat system files. Rationale: The web document directory is where the...

Force SSL when accessing the manager application
Details: Use the transport-guarantee attribute to ensure SSL protection when accessing the manager application. Rationale: By default when accessing the...

Restrict access to $CATALINA_BASE
Details: $CATALINA_BASE is the environment variable that specifies the base directory from which most relative paths are resolved. $CATALINA_BASE is...