UCF STIG Viewer Logo

Tomcat user account must be set to nologin.


Overview

Finding ID Version Rule ID IA Controls Severity
V-222983 TCAT-AS-001050 SV-222983r615938_rule Medium
Description
When installing Tomcat, a user account is created on the OS. This account is used in order for Tomcat to be able to operate on the OS but does not require the ability to actually log in to the system. Therefore when the account is created, the account must not be provided access to a login shell or other program on the system. This is done by specifying the "nologin" parameter in the command/shell field of the passwd file.
STIG Date
Apache Tomcat Application Sever 9 Security Technical Implementation Guide 2021-12-27

Details

Check Text ( C-24655r426393_chk )
From the command line of the Tomcat server type the following command:

sudo cat /etc/passwd|grep -i tomcat

If the command/shell field of the passwd file is not set to "/usr/sbin/nologin", this is a finding.
Fix Text (F-24644r426394_fix)
From the Tomcat command line type the following command:

sudo usermod -s /usr/sbin/nologin tomcat