7.6 Ensure directory in logging.properties is a secure location

Information

The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted access.

Securing the log location will help ensure the integrity and confidentiality of web application activity records.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Perform the following:

- Add the following properties to your logging.properties file if they do not exist:

    <application_name>.org.apache.juli.AsyncFileHandler.directory=<log_location>
    <application_name>.org.apache.juli.AsyncFileHandler.prefix=<application_name>

- Set the location pointed to by the directory attribute to be owned by tomcat_admin:tomcat with permissions of o-rwx:

    # chown tomcat_admin:tomcat <log_location>
    # chmod o-rwx <log_location>
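
One way to verify the result of these steps, as an added example that is not part of the benchmark or the audit file. The function name audit_tomcat_logdirs and its PASS/FAIL/REVIEW output are assumptions of this example; values containing an unexpanded ${...} property are flagged for manual review rather than resolved.

```shell
#!/bin/sh
# Added example (not from the benchmark). Audits every directory named by an
# <application_name>.org.apache.juli.AsyncFileHandler.directory property.
# Usage: audit_tomcat_logdirs PROPS_FILE [OWNER] [GROUP]
# Returns 0 only if at least one entry exists and every directory passes.
audit_tomcat_logdirs() {
    props=$1 owner=${2:-tomcat_admin} group=${3:-tomcat}
    rc=0 found=0
    [ -r "$props" ] || { echo "FAIL: cannot read $props"; return 2; }
    # Drop comment lines, then keep the value of each "...directory = <path>" entry.
    dirs=$(grep -v '^[[:space:]]*[#!]' "$props" | sed -n \
        -e 's/[[:space:]]*$//' \
        -e 's/^.*org\.apache\.juli\.AsyncFileHandler\.directory[[:space:]]*=[[:space:]]*//p')
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        found=1
        case $d in
            *'${'*) # e.g. ${catalina.base}/logs: this script does not expand properties
                echo "REVIEW: $d (resolve the property and re-check by hand)"; rc=1; continue ;;
        esac
        if [ ! -d "$d" ]; then
            echo "FAIL: $d is not a directory"; rc=1
        elif [ -z "$(find -H "$d" -prune -user "$owner" -group "$group" 2>/dev/null)" ]; then
            echo "FAIL: $d is not owned by $owner:$group"; rc=1
        # Any of the three "other" bits means o-rwx was not applied.
        elif [ -n "$(find -H "$d" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            echo "FAIL: $d is accessible to other users"; rc=1
        else
            echo "PASS: $d"
        fi
    done <<EOF
$dirs
EOF
    [ "$found" -eq 1 ] || { echo "FAIL: no AsyncFileHandler.directory entry in $props"; return 1; }
    return "$rc"
}

# Run directly: sh audit.sh /path/to/logging.properties
if [ "$#" -gt 0 ]; then audit_tomcat_logdirs "$@"; fi
```

OWNER and GROUP default to tomcat_admin and tomcat, the values given in the solution above.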

See Also

https://workbench.cisecurity.org/benchmarks/15137

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 5df6ddb63b67a5f45f9def6c28a1588a8bc83b072dcb8c788e5cd537c37e40e1