Skip to content

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • ALLOW_BACKSLASH must be set to false.

    &lt;VulnDiscussion&gt;When Tomcat is installed behind a proxy configured to only allow access to certain Tomcat contexts (web applications), an HTT...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • ENFORCE_ENCODING_IN_GET_WRITER must be set to true.

    &lt;VulnDiscussion&gt;Some clients try to guess the character encoding of text media when the mandated default of ISO-8859-1 should be used. Some b...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • Tomcat users in a management role must be approved by the ISSO.

    &lt;VulnDiscussion&gt;Deploying applications to Tomcat requires a Tomcat user account that is in the "manager-script" role. Any user accounts in a ...
    Rule Medium Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • Hosted applications must be documented in the system security plan.

    &lt;VulnDiscussion&gt;The ISSM/ISSO must be cognizant of all applications operating on the Tomcat server, and must address any security implication...
    Rule Low Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • Connectors must be approved by the ISSO.

    &lt;VulnDiscussion&gt;Connectors are how Tomcat receives requests over a network port, passes them to hosted web applications via HTTP or AJP and t...
    Rule Low Severity
  • SRG-APP-000516-AS-000237

    <GroupDescription></GroupDescription>
    Group
  • Connector address attribute must be set.

    &lt;VulnDiscussion&gt;Connectors are how Tomcat receives requests over a network port, passes them to hosted web applications via HTTP or AJP, and ...
    Rule Low Severity
  • SRG-APP-000108-AS-000067

    <GroupDescription></GroupDescription>
    Group
  • The application server must alert the system administrator (SA) and information system security offer (ISSO), at a minimum, in the event of a log processing failure.

    &lt;VulnDiscussion&gt;Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a sec...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules