Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docs | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examples | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/host-manager | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/manager | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/ROOT | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Ensure Server Header is Modified To Prevent Information Disclosure | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2 Restrict access to $CATALINA_BASE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6 Restrict access to Tomcat binaries directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.15 Restrict access to jaspic-providers.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Application specific logging | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location - configuration | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.4 Ensure directory in context.xml is a secure location - permissions | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.5 Ensure pattern in context.xml is correct | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.6 Ensure directory in logging.properties is a secure location - check log directory location | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 7.6 Ensure directory in logging.properties is a secure location - check prefix application name | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.4 Force SSL when accessing the manager application via HTTP | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.5 Rename the manager application - webapps/manager | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.11 Force SSL for all applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.14 Do not allow cross context requests | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10.17 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 10.17 Setting Security Lifecycle Listener - check for umask uncommented in startup | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Site v2r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AS24-U2-000640 - Debugging and trace information used to diagnose the Apache web server must be disabled. | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Tomcat found | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | |
| Tomcat found | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | |