4.14 Restrict access to Tomcat web.xml

Information

web.xml is a Tomcat configuration file that stores application configuration settings. It is recommended that access to this file has the proper permissions to properly protect from unauthorized changes.

Solution

Perform the following to restrict access to web.xml:
1. Set the ownership of the $CATALINA_HOME/conf/web.xml to tomcat_admin:tomcat.
2. Remove read, write, and execute permissions for the world.
3. Remove write permissions for the group.
# chown tomcat_admin:tomcat $CATALINA_HOME/conf/web.xml
# chmod g-w,o-rwx $CATALINA_HOME/conf/web.xml

See Also

https://workbench.cisecurity.org/files/266

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Unix

Control ID: 14d575d86d35f3c9a2794d3c6ce9f5134e0d12be6e8767c557fe2105ee14703d