4.1 Restrict access to $CATALINA_HOME


$CATALINA_HOME is the environment variable which holds the path to the root Tomcat directory. It is important to protect access to this in order to protect the Tomcat binaries and libraries from unauthorized modification. It is recommended that the ownership of $CATALINA_HOME be tomcat_admin:tomcat. It is also recommended that the permissions on $CATALINA_HOME prevent read, write, and execute for the world (o-rwx) and prevent write access to the group (g-w).


Perform the following to establish the recommended state:
1. Set the ownership of the $CATALINA_HOME to tomcat_admin:tomcat.
2. Remove read, write, and execute permissions for the world
3. Remove write permissions for the group.
# chown tomcat_admin.tomcat $CATALINA_HOME
# chmod g-w,o-rwx $CATALINA_HOME

See Also


Item Details


References: 800-53|AC-6

Plugin: Unix

Control ID: dfd774a1166e8ab9dcc609ecb292ab2e03fde544abaa4ded8fd0a32df5b9c3e4