15 - Restrict access to web application directory - mode

Information

The $JETTY_BASE/webapps directory contains web applications that are deployed through . It is recommended that you create a user to specifically run Jetty. This user should have the minimum set of privileges needed to run Jetty. The ownership of this directory should then be assigned to the Jetty user. It is also recommended that the permission on $JETTY_BASE/webapps prevent read, write, and execute for the world (o-rwx) and prevent write access to the group (g-w).

Restricting access to these directories will prevent local users from maliciously or inadvertently affecting the integrity of web applications.

Solution

Perform the following to restrict access to application log files:
1. Set the ownership of the $JETTY_BASE/webapps to _admin:.
2. Remove read, write, and execute permissions for the world.
# chown _admin: $JETTY_BASE/webapps
# chmod g-w,o-rwx $JETTY_BASE/webapps

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Unix

Control ID: d515a1fbcd88559449479c33607282bdc2a510bc8cdd2bcd8fbad915e1a8711b