7.4 Ensure directory in context.xml is a secure location - permissions

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.



The directory attribute tells Tomcat where to store logs. It is recommended that the location referenced by the directory attribute be secured.


Securing the log location will help ensure the integrity and confidentiality of web application activity.


Perform the following:

Add the following statement into the $CATALINA_BASE/webapps/<app_name>/META-INF/context.xml file if it does not already exist.

<Valve className='org.apache.catalina.valves.AccessLogValve'
prefix='access_log' fileDateFormat='yyyy-MM-dd.HH' suffix='.log' pattern='%h %t %H cookie:%{SESSIONID}c request:%{SESSIONID}r %m %U %s %q %r'
/>

Set the location pointed to by the directory attribute to be owned by tomcat_admin:tomcat with permissions of o-rwx.

# chown tomcat_admin:tomcat $CATALINA_HOME/logs
# chmod o-rwx $CATALINA_HOME/logs
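
To verify the result, the following added example (not part of the benchmark or of Tomcat) reads the directory attribute from a context.xml and checks the owner, group and "other" permission bits of that location. The function names valve_log_dir, dir_meta and audit_log_dir are hypothetical, and the fallback to "logs" under $CATALINA_BASE reflects Tomcat's documented default for AccessLogValve.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not CIS or Tomcat tooling.

# Print the directory an AccessLogValve in context.xml ($1) writes to.
# A relative value is resolved against CATALINA_BASE ($2); when the
# attribute is absent Tomcat uses "logs". Property references such as
# ${catalina.base} are not expanded here.
valve_log_dir() {
    dir=$(sed -n "s/^\(.*[[:space:]]\)\{0,1\}directory=[\"']\([^\"']*\)[\"'].*/\2/p" "$1" | head -n 1)
    [ -n "$dir" ] || dir=logs
    case $dir in
        /*) printf '%s\n' "$dir" ;;
        *)  printf '%s/%s\n' "$2" "$dir" ;;
    esac
}

# Print "mode owner group" for directory $1.
# The trailing "/." makes ls report the target when $1 is a symlink.
dir_meta() {
    ls -ld "$1/." | awk '{print $1, $3, $4}'
}

# Return 0 only if directory $1 is owned by $2:$3 and grants nothing to "other".
audit_log_dir() {
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 1; }
    meta=$(dir_meta "$1")
    set -- "$1" "$2" "$3" $meta          # $4 = mode, $5 = owner, $6 = group
    rc=0
    [ "$5" = "$2" ] || { echo "FAIL: owner is $5, expected $2"; rc=1; }
    [ "$6" = "$3" ] || { echo "FAIL: group is $6, expected $3"; rc=1; }
    case $(printf '%s' "$4" | cut -c8-10) in
        ---|--T) ;;                      # --T = sticky bit only, no access for others
        *) echo "FAIL: mode $4 grants access to others (chmod o-rwx)"; rc=1 ;;
    esac
    return $rc
}

# Usage with the values from this recommendation:
#   ctx="$CATALINA_BASE/webapps/<app_name>/META-INF/context.xml"
#   audit_log_dir "$(valve_log_dir "$ctx" "$CATALINA_BASE")" tomcat_admin tomcat
```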

Default Value:

Does not exist by default
