AccessLogValve must be configured for each application context.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-222930	TCAT-AS-000050	SV-222930r960765_rule	CCI-000067	medium
Description
Tomcat has the ability to host multiple contexts (applications) on one physical server by using the <Host><Context> attribute. This allows the admin to specify audit log settings on a per application basis. Satisfies: SRG-APP-000016-AS-000013, SRG-APP-000080-AS-000045, SRG-APP-000089-AS-000050, SRG-APP-000091-AS-000052, SRG-APP-000095-AS-000056, SRG-APP-000098-AS-000061, SRG-APP-000099-AS-000062
STIG			Date
Apache Tomcat Application Server 9 Security Technical Implementation Guide			2025-02-11

Details

Check Text (C-222930r960765_chk)

As an elevated user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Review for all <Context> elements. If a <Valve className="org.apache.catalina.valves.AccessLogValve" .../> element is not defined within each <Context> element, this is a finding. EXAMPLE: <Context ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="application_name_log" suffix=".txt" pattern=""%h %l %t %u "%r" %s %b" /> ... />

Fix Text (F-24591r426235_fix)

As a privileged user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Create a <Valve> element that is nested within the <Context> element containing an AccessLogValve. EXAMPLE: <Context ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="application_name_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... /> Restart the Tomcat server: sudo systemctl restart tomcat sudo systemctl daemon-reload