
$CATALINA_HOME folder must be owned by the root user, group tomcat.


Overview

Finding ID: V-222986
Version: TCAT-AS-001200
Rule ID: SV-222986r879753_rule
IA Controls: none listed
Severity: Medium
Description
Tomcat file permissions must be restricted. The standard configuration is to have the folder where Tomcat is installed owned by the root user with the group set to tomcat. The $CATALINA_HOME environment variable should be set to the location of the root directory of the "binary" distribution of Tomcat.
STIG: Apache Tomcat Application Server 9 Security Technical Implementation Guide
Date: 2023-06-05

Details

Check Text (C-24658r426402_chk)
Access the Tomcat server from the command line and execute the following OS command:

sudo find "$CATALINA_HOME" -follow -maxdepth 0 \( ! -user root -o ! -group tomcat \) -ls

If no folders are displayed, this is not a finding.

If the results indicate that the $CATALINA_HOME folder ownership and group membership are not set to root:tomcat, this is a finding.
Fix Text (F-24647r426403_fix)
Run the following commands on the Tomcat server:

sudo find "$CATALINA_HOME" -maxdepth 0 \( ! -user root \) | sudo xargs chown root

sudo find "$CATALINA_HOME" -maxdepth 0 \( ! -group tomcat \) | sudo xargs chgrp tomcat
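The check above wrapped as an audit function, as an added example that is not part of the STIG text. It uses the same find predicate but refuses to run when the path is empty or not a directory, because an unquoted, empty $CATALINA_HOME makes GNU find fall back to the current directory and audit the wrong folder. The function name audit_catalina_home, its optional owner and group arguments, and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not STIG text): audit wrapper for V-222986.
# Usage: audit_catalina_home "$CATALINA_HOME" [OWNER] [GROUP]
# Returns: 0 = not a finding, 1 = finding, 2 = check could not be run.
# OWNER and GROUP default to the values the rule requires (root, tomcat).
audit_catalina_home() {
    dir=$1
    want_user=${2:-root}
    want_group=${3:-tomcat}

    # Fail closed on an unset or empty path instead of auditing ".".
    if [ -z "$dir" ]; then
        echo "CATALINA_HOME is not set; nothing audited" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir is not a directory; nothing audited" >&2
        return 2
    fi

    # Same predicate as the check text. -follow makes find test the
    # directory a symlinked CATALINA_HOME points to, not the link itself.
    # find exits non-zero if OWNER or GROUP does not exist on this host,
    # which is reported as "could not be run" rather than as a pass.
    offenders=$(find "$dir" -follow -maxdepth 0 \
        \( ! -user "$want_user" -o ! -group "$want_group" \) -print) || return 2

    if [ -n "$offenders" ]; then
        echo "FINDING: $dir is not owned by $want_user:$want_group" >&2
        ls -ldL "$dir" >&2
        return 1
    fi
    echo "OK: $dir is owned by $want_user:$want_group"
    return 0
}
```

Run it from a root shell or with CATALINA_HOME already expanded, since `sudo` resets most environment variables and the variable is expanded by the invoking user's shell.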