V-222986

CAT II (Medium)

$CATALINA_HOME folder must be owned by the root user, group tomcat.

Rule ID

SV-222986r961461_rule

STIG

Apache Tomcat Application Server 9 Security Technical Implementation Guide

Version

V3R4

CCIs

CCI-001813

Discussion

Tomcat file permissions must be restricted. The standard configuration is to have the folder where Tomcat is installed owned by the root user with the group set to tomcat. The $CATALINA_HOME environment variable should be set to the location of the root directory of the "binary" distribution of Tomcat.

Check Content

Access the Tomcat server from the command line and execute the following OS command:

sudo find $CATALINA_HOME -follow -maxdepth 0 \(  ! -user root -o ! -group tomcat \) -ls

If no folders are displayed, this is not a finding.

If results indicate the $CATALINA_HOME folder ownership and group membership is not set to root:tomcat, this is a finding.

Fix Text

Run the following commands on the Tomcat server:

sudo find $CATALINA_HOME -maxdepth 0 \( ! -user root \) | sudo xargs chown root

sudo find $CATALINA_HOME -maxdepth 0 \( ! -group tomcat \) | sudo xargs chgrp tomcat
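
The check above can be wrapped for automated scans so that it returns an exit status and refuses to run when $CATALINA_HOME is empty (with GNU find, an unquoted empty variable makes the command inspect the current directory instead). This is an added example, not part of the STIG text; the function names are hypothetical and it assumes a stat that supports -L and -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit ownership of the Tomcat install directory (V-222986).
# Assumption: stat supports -L and -c (GNU coreutils or BusyBox).
# Function names are hypothetical, not from the STIG or from Tomcat.

# Print "user:group" of a path, following symlinks like find's -follow.
owner_of() {
    stat -L -c '%U:%G' -- "$1"
}

# audit_catalina_home DIR [USER] [GROUP]
# Returns 0 = not a finding, 1 = finding, 2 = cannot evaluate.
audit_catalina_home() {
    dir=$1
    want_user=${2:-root}
    want_group=${3:-tomcat}

    # An empty path would make an unquoted GNU find fall back to ".",
    # so refuse to evaluate instead of checking the wrong directory.
    if [ -z "$dir" ]; then
        echo "CATALINA_HOME is not set" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir is not a directory" >&2
        return 2
    fi

    actual=$(owner_of "$dir") || return 2
    if [ "$actual" = "$want_user:$want_group" ]; then
        echo "V-222986: not a finding ($dir is $actual)"
        return 0
    fi
    echo "V-222986: finding ($dir is $actual, expected $want_user:$want_group)"
    return 1
}

# Usage: audit_catalina_home "$CATALINA_HOME"
```

Only the top-level directory is inspected, matching the -maxdepth 0 scope of the check.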