
AccessLogValve must be configured for each application context.


Overview

Finding ID: V-222930
Version: TCAT-AS-000050
Rule ID: SV-222930r615938_rule
IA Controls:
Severity: Medium
Description
Tomcat has the ability to host multiple contexts (applications) on one physical server by using the <Host><Context> attribute. This allows the admin to specify audit log settings on a per application basis.

Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062
STIG Date
Apache Tomcat Application Server 9 Security Technical Implementation Guide 2020-12-11

Details

Check Text (C-24602r426234_chk)
As an elevated user on the Tomcat server:

Edit the $CATALINA_BASE/conf/server.xml file.

Review for all <Context> elements.

If a <Valve> element for the AccessLogValve is not defined within each <Context> element, this is a finding.

EXAMPLE:

<Context ...>
  ...
  <Valve className="org.apache.catalina.valves.AccessLogValve"
         prefix="application_name_log" suffix=".txt"
         pattern="%h %l %t %u &quot;%r&quot; %s %b" />
  ...
</Context>
Fix Text (F-24591r426235_fix)
As a privileged user on the Tomcat server:

Edit the $CATALINA_BASE/conf/server.xml file.

Create a <Valve> element that is nested within the <Context> element containing an AccessLogValve.

EXAMPLE:

<Context ...>
  ...
  <Valve className="org.apache.catalina.valves.AccessLogValve"
         prefix="application_name_log" suffix=".txt"
         pattern="%h %l %t %u &quot;%r&quot; %s %b" />
  ...
</Context>

Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload