4.4 Restrict access to Tomcat logs directory

Information

The Tomcat $CATALINA_HOME/logs/ directory contains Tomcat logs. It is recommended that the ownership of this directory be tomcat_admin:tomcat. It is also recommended that the permissions on this directory prevent read, write, and execute for the world (o-rwx).

Solution

Perform the following to restrict access to Tomcat log files:
1. Set the ownership of the $CATALINA_HOME/logs to tomcat_admin:tomcat.
2. Remove read, write, and execute permissions for the world
# chown tomcat_admin:tomcat <log location>
# chmod o-rwx <log location>

See Also

https://workbench.cisecurity.org/files/266

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Unix

Control ID: ad1332301541e53e573bb1b321c69217e00d008807b8fce7376d056dac04fa65