Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The first line of request must be logged.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-222942 | TCAT-AS-000270 | SV-222942r615938_rule | Medium |
| Description |
|---|
| The access logfile format is defined within a Valve that implements the org.apache.catalina.valves.AccessLogValve interface within the /opt/tomcat/server.xml configuration file: The "%r" pattern code is included in the pattern element and logs the first line associated with the event, namely the request method, URL path, query string, and protocol (""" simply specifies a literal double quote). Including the pattern in the log configuration provides useful information about the time of the event which is critical for troubleshooting and forensic investigations. |
| STIG | Date |
|---|---|
| Apache Tomcat Application Sever 9 Security Technical Implementation Guide | 2021-12-27 |
Details
| Check Text ( C-24614r426270_chk ) |
|---|
| As an elevated user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Review all "Valve" elements. If the pattern= statement does not include "%r", this is a finding. EXAMPLE: ... pattern="%h %l %t %u "%r" %s %b" /> ... |
| Fix Text (F-24603r426271_fix) |
|---|
| As a privileged user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Modify the Change the AccessLogValve setting to include "%r" in the pattern= statement. EXAMPLE: ... pattern="%h %l %t %u "%r" %s %b" /> ... Restart the Tomcat server: sudo systemctl restart tomcat sudo systemctl daemon-reload |