7.6 Ensure directory in logging.properties is a secure location - check application log directory is secure

Information

The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted access.

Rationale:

Securing the log location will help ensure the integrity and confidentiality of web application activity records.

Solution

Perform the following:

Add the following properties to your logging.properties file if they do not exist:

<application_name>.org.apache.juli.AsyncFileHandler.directory=<log_location>
<application_name>.org.apache.juli.AsyncFileHandler.prefix=<application_name>

Set the location pointed to by the directory attribute to be owned by tomcat_admin:tomcat with permissions of o-rwx.

# chown tomcat_admin:tomcat <log_location>
# chmod o-rwx <log_location>
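
To verify the result, the following added example (not part of the benchmark text) reads each AsyncFileHandler.directory value from logging.properties and checks its owner, group and "other" permission bits. The function name audit_log_dirs is hypothetical, and the script assumes CATALINA_BASE is exported and that POSIX ls, sed and awk are available.

```shell
#!/bin/sh
# Added example (not part of the benchmark): audit every directory named by an
# AsyncFileHandler.directory property. audit_log_dirs is a hypothetical name.
# Usage: audit_log_dirs <logging.properties> [owner] [group]; returns 0 on pass.
audit_log_dirs() {
    props=$1
    want_owner=${2:-tomcat_admin}   # defaults taken from the Solution text
    want_group=${3:-tomcat}
    rc=0
    [ -r "$props" ] || { echo "FAIL cannot read $props"; return 1; }
    # Assumption: CATALINA_BASE is exported so ${catalina.base} can be expanded.
    [ -n "${CATALINA_BASE:-}" ] || { echo "FAIL CATALINA_BASE is not set"; return 1; }

    # Take the value of each uncommented *.AsyncFileHandler.directory line, trim
    # trailing blanks, expand ${catalina.base}, and de-duplicate.
    dirs=$(sed -n 's/^[^#]*AsyncFileHandler\.directory[[:space:]]*=[[:space:]]*//p' "$props" |
        sed 's/[[:space:]]*$//; s|[$]{catalina[.]base}|'"$CATALINA_BASE"'|g' | sort -u)
    [ -n "$dirs" ] || { echo "FAIL no AsyncFileHandler.directory in $props"; return 1; }

    while IFS= read -r dir; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"; rc=1; continue
        fi
        # ls -ldL follows symlinks; fields 1, 3, 4 are mode, owner, group.
        info=$(ls -ldL "$dir" | awk '{print $1, $3, $4}')
        mode=${info%% *}; rest=${info#* }
        owner=${rest% *}; group=${rest#* }
        other=$(printf '%s' "$mode" | cut -c8-10)
        ok=1
        [ "$owner" = "$want_owner" ] || ok=0
        [ "$group" = "$want_group" ] || ok=0
        # o-rwx means the last triplet is --- (or --T when only sticky is set).
        case $other in ---|--T) ;; *) ok=0 ;; esac
        if [ "$ok" -eq 1 ]; then
            echo "PASS $dir ($owner:$group $mode)"
        else
            echo "FAIL $dir ($owner:$group $mode), want $want_owner:$want_group o-rwx"
            rc=1
        fi
    done <<EOF
$dirs
EOF
    return $rc
}
```

Run it as audit_log_dirs "$CATALINA_BASE/conf/logging.properties"; a commented-out directory line is ignored, and a directory that does not exist is reported as a failure.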

Default Value:

The directory location is configured to store logs in $CATALINA_BASE/logs.

See Also

https://workbench.cisecurity.org/benchmarks/11652

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-7, 800-53|CM-7(1), 800-53|SI-7, 800-53|SI-7(1), CSCv7|14.6

Plugin: Unix

Control ID: e0393a09df7036eef1f248a7a5f5c75f024b40b4b81e37e07841d61bf6b1d544