Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1 Remove extraneous files and directories (CONFIG_DIR/Catalina/localhost/host-manager.xml) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Set a nondeterministic Shutdown command value | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Set a nondeterministic Shutdown command value | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.1 Set a nondeterministic Shutdown command value. | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Restrict access to Tomcat temp directory | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.6 Restrict access to Tomcat binaries directory | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.6 Restrict access to Tomcat binaries directory | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.6 Restrict access to Tomcat binaries directory | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.9 Restrict access to Tomcat catalina.policy | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 4.10 Restrict access to Tomcat context.xml | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.12 Restrict access to Tomcat server.xml | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.1 Use secure Realms | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2 Ensure SSLEnabled is set to True for Sensitive Connectors | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.6 Control the maximum size of a POST request that will be parsed for parameter | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | |
| 7.2 Specify file handler in logging.properties (check if java.util.logging.ConsoleHandler logging is enabled in default) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.6 Ensure directory in logging.properties is a secure location | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.7 Configure log file size limit (verify java.util.logging.FileHandler.limit is present) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.2 Disable deploy on startup of applications | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.3 Restrict manager application | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | ACCESS CONTROL |
| 10.4 Force SSL when accessing the manager application | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.9 Configure connectionTimeout | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.9 Configure connectionTimeout | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 10.10 Configure connectionTimeout | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.11 Configure maxHttpHeaderSize | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.12 Force SSL for all applications | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.15 Do not run applications as privileged | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.17 Do not resolve hosts on logging valves | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.17 Enable memory leak listener - verify present | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.18 Enable memory leak listener (verify present) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10.18 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.18 Setting Security Lifecycle Listener - check for umask uncommented in startup | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.19 Setting Security Lifecycle Listener (check for umask uncommented in startup) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |