TCAT-AS-000361 – Files in the $CATALINA_BASE/logs/ folder must have their permissions set to 640. Details: Tomcat file permissions must be restricted. The standard configuration is to have all Tomcat files owned by root with...
TCAT-AS-000090 – DefaultServlet must be set to readonly for PUT and DELETE. Details: The DefaultServlet is a servlet provided with Tomcat. It is called when no other suitable page can be displayed...
TCAT-AS-000100 – Connectors must be secured. Details: The unencrypted HTTP protocol does not protect data from interception or alteration which can subject users to eavesdropping, tracking,...
TCAT-AS-000110 – The Java Security Manager must be enabled. Details: The Java Security Manager (JSM) is what protects the Tomcat server from trojan servlets, JSPs, JSP beans, tag libraries,...
TCAT-AS-000180 – AccessLogValve must be configured per each virtual host. Details: Application servers utilize role-based access controls in order to specify the individuals who are allowed to configure application component...
TCAT-AS-000240 – Date and time of events must be logged. Details: The access logfile format is defined within a Valve that implements the org.apache.catalina.valves.AccessLogValve interface within the /opt/tomcat/server.xml configuration file:...
TCAT-AS-000250 – Remote hostname must be logged. Details: The access logfile format is defined within a Valve that implements the org.apache.catalina.valves.AccessLogValve interface within the /opt/tomcat/server.xml configuration file:...
TCAT-AS-000260 – HTTP status code must be logged. Details: The access logfile format is defined within a Valve that implements the org.apache.catalina.valves.AccessLogValve interface within the /opt/tomcat/server.xml configuration file:...
TCAT-AS-000370 – Files in the $CATALINA_BASE/conf/ folder must have their permissions set to 640. Details: Tomcat file permissions must be restricted. The standard configuration is to have all Tomcat files owned by root with...
TCAT-AS-000371 – $CATALINA_BASE/conf folder permissions must be set to 750. Details: Tomcat file permissions must be restricted. The standard configuration is to have all Tomcat files owned by root with...