TCAT-AS-001560 - AccessLogValve must be configured for Catalina engine.

Information

The <Engine> container represents the entire request processing machinery associated with a particular Catalina Service. It receives and processes all requests from one or more connectors, and returns the completed response to the connector for transmission back to the client. The AccessLogValve will log activity for the Catalina service.

Exactly one engine element MUST be nested inside a service element, following all of the corresponding connector elements associated with the service.

Satisfies: SRG-APP-000495-AS-000220, SRG-APP-000381-AS-000089, SRG-APP-000499-AS-000224, SRG-APP-000504-AS-000229

Solution

As a privileged user on the Tomcat server, edit the $CATALINA_BASE/conf/server.xml file.

Create a <Valve> element that is nested beneath the <Host> element containing an AccessLogValve.

EXAMPLE:
<Host name='localhost' appBase='webapps'
unpackWARs='true' autoDeploy='false'>
...
<Valve className='org.apache.catalina.valves.AccessLogValve' directory='logs'
prefix='localhost_access_log' suffix='.txt'
pattern='%h %l %t %u &quot;%r&quot; %s %b' />
...
</Host>

Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Tomcat_Application_Server_9_V3R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c., CAT|II, CCI|CCI-000172, CCI|CCI-003938, Rule-ID|SV-222997r985900_rule, STIG-ID|TCAT-AS-001560, STIG-Legacy|SV-111517, STIG-Legacy|V-102577, Vuln-ID|V-222997

Plugin: Unix

Control ID: 4d468df07a05a2a72c949edd1158549bb0723014a6d0c18e3a3e34917bdfb000