$CATALINA_HOME folder must be owned by the root user, group tomcat.
An XCCDF Rule
Description
Tomcat file permissions must be restricted. The standard configuration is to have the folder where Tomcat is installed owned by the root user with the group set to tomcat. The $CATALINA_HOME environment variable should be set to the location of the root directory of the "binary" distribution of Tomcat.
- ID
- SV-222986r961461_rule
- Version
- TCAT-AS-001200
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Run the following commands on the Tomcat server:
sudo find $CATALINA_HOME -maxdepth 0 \( ! -user root \) | sudo xargs chown root
sudo find $CATALINA_HOME -maxdepth 0 \( ! -group tomcat \) | sudo xargs chgrp tomcat