4.14 Restrict access to Tomcat web.xml

Information

The Tomcat configuration file web.xml stores application configuration settings. It is recommended that access to this file properly protect from unauthorized changes.

Rationale:

Restricting access to this file will prevent local users from maliciously or inadvertently altering Tomcat's security policy.

Solution

Perform the following to restrict access to web.xml:

Set the ownership of the $CATALINA_HOME/conf/web.xml to tomcat_admin:tomcat.

# chown tomcat_admin:tomcat $CATALINA_HOME/conf/web.xml

Set the permissions for the $CATALINA_HOME/conf/web.xml file to 400.

# chmod 400 $CATALINA_HOME/conf/web.xml

Default Value:

The default permissions of web.xml are 400.

See Also

https://workbench.cisecurity.org/files/4107

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: 4be4d1aba0747dc0095ac035bcab3409aae4530fd67d6f5ab086c7d34d5551c3