4.5 Restrict access to Tomcat temp directory

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Tomcat $CATALINA_HOME/temp directory is used by Tomcat to persist temporary information to disk. It is recommended that the ownership of this directory be tomcat_admin:tomcat. It is also recommended that the permissions on this directory deny read, write, and execute for the world (o-rwx).

Rationale:

Restricting access to these directories will prevent local users from maliciously or inadvertently affecting the integrity of Tomcat processes.

Solution

Perform the following to restrict access to Tomcat temp directory:

Set the ownership of the $CATALINA_HOME/temp to tomcat_admin:tomcat.

# chown tomcat_admin:tomcat $CATALINA_HOME/temp

Remove read, write, and execute permissions for the world

# chmod o-rwx $CATALINA_HOME/temp

Default Value:

The default permissions of the top-level directories are 770.

See Also

https://workbench.cisecurity.org/files/3090