2.5 Disable client facing Stack Traces | SYSTEM AND INFORMATION INTEGRITY |
2.6 Turn off TRACE | AUDIT AND ACCOUNTABILITY |
3.1 Set a nondeterministic Shutdown command value | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
4.1 Restrict access to $CATALINA_HOME | ACCESS CONTROL, MEDIA PROTECTION |
4.2 Restrict access to $CATALINA_BASE | ACCESS CONTROL, MEDIA PROTECTION |
4.3 Restrict access to Tomcat configuration directory | ACCESS CONTROL, MEDIA PROTECTION |
4.4 Restrict access to Tomcat logs directory | ACCESS CONTROL, MEDIA PROTECTION |
4.5 Restrict access to Tomcat temp directory | ACCESS CONTROL, MEDIA PROTECTION |
4.6 Restrict access to Tomcat bin directory | ACCESS CONTROL, MEDIA PROTECTION |
4.7 Restrict access to Tomcat web application directory | ACCESS CONTROL, MEDIA PROTECTION |
4.8 Restrict access to Tomcat catalina.properties | ACCESS CONTROL, MEDIA PROTECTION |
4.9 Restrict access to Tomcat catalina.policy | ACCESS CONTROL, MEDIA PROTECTION |
4.10 Restrict access to Tomcat context.xml | ACCESS CONTROL, MEDIA PROTECTION |
4.11 Restrict access to Tomcat logging.properties | ACCESS CONTROL, MEDIA PROTECTION |
4.12 Restrict access to Tomcat server.xml | ACCESS CONTROL, MEDIA PROTECTION |
4.13 Restrict access to Tomcat tomcat-users.xml | ACCESS CONTROL, MEDIA PROTECTION |
4.14 Restrict access to Tomcat web.xml | ACCESS CONTROL, MEDIA PROTECTION |
4.15 Restrict access to jaspic-providers.xml | ACCESS CONTROL, MEDIA PROTECTION |
6.2 Ensure SSLEnabled is set to True for Sensitive Connectors | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.3 Ensure scheme is set accurately | CONFIGURATION MANAGEMENT |
6.4 Ensure secure is set to true only for SSL-enabled Connectors | SYSTEM AND COMMUNICATIONS PROTECTION |
6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | SYSTEM AND COMMUNICATIONS PROTECTION |
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | AUDIT AND ACCOUNTABILITY |
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | AUDIT AND ACCOUNTABILITY |
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | AUDIT AND ACCOUNTABILITY |
7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | AUDIT AND ACCOUNTABILITY |
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | AUDIT AND ACCOUNTABILITY |
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | AUDIT AND ACCOUNTABILITY |
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | AUDIT AND ACCOUNTABILITY |
7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | AUDIT AND ACCOUNTABILITY |
7.4 Ensure directory in context.xml is a secure location - configuration | ACCESS CONTROL, MEDIA PROTECTION |
7.4 Ensure directory in context.xml is a secure location - permissions | ACCESS CONTROL, MEDIA PROTECTION |
7.5 Ensure pattern in context.xml is correct | AUDIT AND ACCOUNTABILITY |
7.6 Ensure directory in logging.properties is a secure location - check application log directory is secure | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
7.6 Ensure directory in logging.properties is a secure location - check log directory location | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
7.6 Ensure directory in logging.properties is a secure location - check prefix application name | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
8.1 Restrict runtime access to sensitive packages | ACCESS CONTROL, MEDIA PROTECTION |
9.1 Starting Tomcat with Security Manager | CONFIGURATION MANAGEMENT |
10.1 Ensure Web content directory is on a separate partition from the Tomcat system files | CONFIGURATION MANAGEMENT, MAINTENANCE |
10.2 Restrict access to the web administration application | ACCESS CONTROL |
10.4 Force SSL when accessing the manager application via HTTP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
10.7 Turn off session facade recycling | CONFIGURATION MANAGEMENT |
10.12 Do not allow symbolic linking | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
10.13 Do not run applications as privileged | ACCESS CONTROL |
10.14 Do not allow cross context requests | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
10.16 Enable memory leak listener | CONFIGURATION MANAGEMENT |
10.17 Setting Security Lifecycle Listener - check for config component | ACCESS CONTROL |
10.17 Setting Security Lifecycle Listener - check for umask present in startup | ACCESS CONTROL |
10.17 Setting Security Lifecycle Listener - check for umask uncommented in startup | ACCESS CONTROL |
10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - context.xml | AUDIT AND ACCOUNTABILITY |