Detections
Analytics

TCAT-AS-000050 - AccessLogValve must be configured for each application context.

Information

Tomcat has the ability to host multiple contexts (applications) on one physical server by using the <Host><Context> attribute. This allows the admin to specify audit log settings on a per application basis.

Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062

Solution

As a privileged user on the Tomcat server:

Edit the $CATALINA_BASE/conf/server.xml file.

Create a <Valve> element that is nested within the <Context> element containing an AccessLogValve.

EXAMPLE:

<Context
...
<Valve className='org.apache.catalina.valves.AccessLogValve' directory='logs'
 prefix='application_name_log' suffix='.txt'
 pattern='%h %l %t %u &quot;%r&quot; %s %b' />
 ...
/>

Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Tomcat_Application_Server_9_V3R3_STIG.zip

Item Details

Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

References: 800-53|AC-17(1), 800-53|AU-3, 800-53|AU-10, 800-53|AU-12a., 800-53|AU-12c., CAT|II, CCI|CCI-000067, CCI|CCI-000130, CCI|CCI-000133, CCI|CCI-000134, CCI|CCI-000166, CCI|CCI-000169, CCI|CCI-000172, Rule-ID|SV-222930r960765_rule, STIG-ID|TCAT-AS-000050, STIG-Legacy|SV-111379, STIG-Legacy|V-102435, Vuln-ID|V-222930

Plugin: Unix

Control ID: c611cc28717b71b9516b8a7918ff9bde4b9b31761fe71642764f36987b3c8127