4.11 Restrict access to Tomcat logging.properties

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

logging.properties is a Tomcat files which specifies the logging configuration. It is recommended that access to this file properly protect from unauthorized changes.

Rationale:

Restricting access to this file will prevent local users from maliciously or inadvertently altering Tomcat's security policy.

Solution

Perform the following to restrict access to logging.properties:

Set the ownership of the $CATALINA_HOME/conf/logging.properties to tomcat_admin:tomcat.

# chown tomcat_admin:tomcat $CATALINA_HOME/conf/logging.properties

Set the permissions for the $CATALINA_HOME/conf/logging.properties file to 600.

# chmod 600 $CATALINA_HOME/conf/logging.properties

Default Value:

The default permissions are 600.

See Also

https://workbench.cisecurity.org/files/4103