Rule ID
SV-222930r960765_rule
Version
V3R4
CCIs
CCI-000067, CCI-000130, CCI-000133, CCI-000134, CCI-000166, CCI-000169, CCI-000172
Tomcat has the ability to host multiple contexts (applications) on one physical server by using the <Host><Context> attribute. This allows the admin to specify audit log settings on a per application basis. Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062
As an elevated user on the Tomcat server:
Edit the $CATALINA_BASE/conf/server.xml file.
Review for all <Context> elements.
If a <Valve className="org.apache.catalina.valves.AccessLogValve" .../> element is not defined within each <Context> element, this is a finding.
EXAMPLE:
<Context
...
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="application_name_log" suffix=".txt"
pattern=""%h %l %t %u &quot;%r&quot; %s %b" />
...
/>As a privileged user on the Tomcat server:
Edit the $CATALINA_BASE/conf/server.xml file.
Create a <Valve> element that is nested within the <Context> element containing an AccessLogValve.
EXAMPLE:
<Context
...
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="application_name_log" suffix=".txt"
pattern="%h %l %t %u &quot;%r&quot; %s %b" />
...
/>
Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload