7.6 Ensure directory in logging.properties is a secure location (check log directory location)

Information

The directory attribute tells Tomcat where to store logs. The directory value should be a secure location with restricted access.

Solution

Perform the following:
1. Add the following properties into your logging.properties file if they do not exist:

    <application_name>.org.apache.juli.FileHandler.directory=<log_location>
    <application_name>.org.apache.juli.FileHandler.prefix=<application_name>

2. Set the location pointed to by the directory attribute to be owned by tomcat_admin:tomcat with permissions of o-rwx.

    # chown tomcat_admin:tomcat <log_location>
    # chmod o-rwx <log_location>
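
A way to verify both steps on a host, added here as an example and not taken from the benchmark or the plugin: it reads every FileHandler.directory value from logging.properties and checks owner, group and the "other" permission bits of each directory. The function names are hypothetical, and the script assumes GNU stat and that ${catalina.base} is the only placeholder used in the directory values.

```shell
#!/bin/sh
# Added example, not benchmark code. Function names are hypothetical; assumes GNU stat.

# list_log_dirs PROPS [CATALINA_BASE]: print each *FileHandler.directory value,
# skipping comment lines and expanding ${catalina.base}.
list_log_dirs() {
    props=$1
    base=${2:-${CATALINA_BASE:-}}
    sed -n -e '/^[[:space:]]*[#!]/d' \
        -e 's/^[[:space:]]*[^=:[:space:]]*FileHandler\.directory[[:space:]]*[=:][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "$props" | sed "s|[\$]{catalina\.base}|$base|g" | sort -u
}

# check_log_dir DIR OWNER GROUP: return 0 only if owner and group match
# and "other" has no access to the directory.
check_log_dir() {
    dir=$1; want_owner=$2; want_group=$3; rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(stat -L -c '%U %G %a' "$dir")   # owner, group, octal mode
    [ "$1" = "$want_owner" ] || { echo "FAIL $dir: owner is $1, want $want_owner"; rc=1; }
    [ "$2" = "$want_group" ] || { echo "FAIL $dir: group is $2, want $want_group"; rc=1; }
    # The last octal digit holds the "other" bits; o-rwx leaves it at 0.
    case $3 in *0) ;; *) echo "FAIL $dir: mode $3 grants access to other"; rc=1 ;; esac
    [ "$rc" -eq 0 ] && echo "PASS $dir ($1:$2 $3)"
    return "$rc"
}

# audit_tomcat_logs PROPS [OWNER] [GROUP] [CATALINA_BASE]
# Defaults are the owner and group named in the Solution.
audit_tomcat_logs() {
    a_owner=${2:-tomcat_admin}; a_group=${3:-tomcat}; status=0
    dirs=$(list_log_dirs "$1" "${4:-}")
    [ -n "$dirs" ] || { echo "FAIL $1: no FileHandler.directory property"; return 1; }
    while IFS= read -r d; do
        check_log_dir "$d" "$a_owner" "$a_group" || status=1
    done <<EOF
$dirs
EOF
    return "$status"
}

# Example: sh audit.sh "$CATALINA_BASE/conf/logging.properties" tomcat_admin tomcat "$CATALINA_BASE"
if [ "$#" -gt 0 ]; then audit_tomcat_logs "$@"; fi
```

A directory that is missing, or a logging.properties with no FileHandler.directory entry at all, is reported as a failure rather than skipped.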

See Also

https://workbench.cisecurity.org/files/266

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(4)

Plugin: Unix

Control ID: 4108ad4e8b816b2cdd9903add566a608f802e3d2ba2617ebb17a1a4248ef7596