4.12 Restrict access to Tomcat server.xml

Information

server.xml contains Tomcat servlet definitions and configurations. It is recommended that access to this file properly protect against unauthorized changes.

Rationale:

Restricting access to this file will prevent local users from maliciously or inadvertently altering Tomcat's security policy.

Solution

Perform the following to restrict access to server.xml:

Set the ownership of the $CATALINA_HOME/conf/server.xml to tomcat_admin:tomcat.

# chown tomcat_admin:tomcat $CATALINA_HOME/conf/server.xml

Set the permissions of the $CATALINA_HOME/conf/server.xml to 600

# chmod 600 $CATALINA_HOME/conf/server.xml

Default Value:

The default permissions of the top-level directories are 600.

See Also

https://workbench.cisecurity.org/files/2506

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv6|3.1, CSCv7|14.6

Plugin: Unix

Control ID: f3ca6b4dfc37ae461146697a3cf8e93c3d071c7bdf83527bd0d349f8f92e6b0b