AccessLogValve must be configured for each application context.

An XCCDF Rule

Description

Tomcat has the ability to host multiple contexts (applications) on one physical server by using the <Host><Context> attribute. This allows the admin to specify audit log settings on a per application basis. Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062

ID: SV-222930r960765_rule
Version: TCAT-AS-000050
Severity: Medium
References: CCI-000067 CCI-000130 CCI-000133 CCI-000134 CCI-000166 CCI-000169 CCI-000172
Updated: 15 days ago

Remediation Templates

As a privileged user on the Tomcat server:

Edit the $CATALINA_BASE/conf/server.xml file.

Create a <Valve> element that is nested within the <Context> element containing an AccessLogValve.
EXAMPLE:

<Context 
...
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="application_name_log" suffix=".txt"
               pattern="%h %l %t %u &quot;%r&quot; %s %b" />
  ...
/>

Restart the Tomcat server:
sudo systemctl restart tomcat
sudo systemctl daemon-reload

AccessLogValve must be configured for each application context.

Description

Remediation Templates

A Manual Procedure