Apache Tomcat Application Server 9 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000267-AS-000170
<GroupDescription></GroupDescription>Group -
ErrorReportValve showReport must be set to false.
<VulnDiscussion>The Error Report Valve is a simple error handler for HTTP status codes that will generate and return HTML error pages. It can...Rule Medium Severity -
SRG-APP-000295-AS-000263
<GroupDescription></GroupDescription>Group -
Idle timeout for management application must be set to 10 minutes.
<VulnDiscussion>Tomcat can set idle session timeouts on a per application basis. The management application is provided with the Tomcat insta...Rule Medium Severity -
SRG-APP-000315-AS-000094
<GroupDescription></GroupDescription>Group -
LockOutRealms must be used for management of Tomcat.
<VulnDiscussion>A LockOutRealm adds the ability to lock a user out after multiple failed logins. LockOutRealm is an implementation of the Tom...Rule Medium Severity -
SRG-APP-000316-AS-000199
<GroupDescription></GroupDescription>Group -
LockOutRealms failureCount attribute must be set to 5 failed logins for admin users.
<VulnDiscussion>A LockOutRealm adds the ability to lock a user out after multiple failed logins. Setting the failureCount attribute to 5 will...Rule Medium Severity -
SRG-APP-000316-AS-000199
<GroupDescription></GroupDescription>Group -
LockOutRealms lockOutTime attribute must be set to 600 seconds (10 minutes) for admin users.
<VulnDiscussion>A LockOutRealm adds the ability to specify a lockout time that prevents further attempts after multiple failed logins. Settin...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.