Rule ID
SV-222997r1016518_rule
Version
V3R4
CCIs
CCI-000172, CCI-003938, CCI-001814
The <Engine> container represents the entire request processing machinery associated with a particular Catalina Service. It receives and processes all requests from one or more connectors, and returns the completed response to the connector for transmission back to the client. The AccessLogValve will log activity for the Catalina service. Exactly one engine element MUST be nested inside a service element, following all of the corresponding connector elements associated with the service. Satisfies: SRG-APP-000495-AS-000220, SRG-APP-000381-AS-000089, SRG-APP-000499-AS-000224, SRG-APP-000504-AS-000229
As an elevated user on the Tomcat server, edit the $CATALINA_BASE/conf/server.xml file.
Review the <Engine> element. Ensure one AccessLog <Valve> element is nested within the engine element.
If a <Valve className="org.apache.catalina.valves.AccessLogValve" .../> element is not defined, this is a finding.
EXAMPLE:
<Engine name="Standalone" ...>
...
<Valve className="org.apache.catalina.valves.AccessLogValve"
prefix="catalina_access_log" suffix=".txt"
pattern="common"/>
...
</Engine>As a privileged user on the Tomcat server, edit the $CATALINA_BASE/conf/server.xml file.
Create a <Valve> element that is nested beneath the <Host> element containing an AccessLogValve.
EXAMPLE:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="false">
...
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %t %u &quot;%r&quot; %s %b" />
...
</Host>
Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload