CUI

Documentation - V-222949

V-222949

Apache Tomcat Application Server 9 Security Technical Implementation Guide

CAT II

Title

Tomcat user UMASK must be set to 0027.

Description

For Unix-based systems, umask settings affect file creation permissions. If the permissions are too loose, newly created log files and applications could be accessible to unauthorized users via the file system. Ensure the Tomcat OS user account has the correct file creation permission settings by validating the OS umask settings for the Tomcat user. Setting umask to 0027 gives the Tomcat user full rights, group users r-x permission and all others no access. Tomcat will most like...

Fix Text (Documentation Requirement)

From the Tomcat server as a privileged user:

Use a file editor like nano or vi and edit the /etc/systemd/system/tomcat.service file.

Change the "UMask=" setting to 0027.

UMask=0027

Save the file and restart Tomcat:

sudo systemctl restart tomcat
sudo systemctl daemon-reload
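The following script is an added example, not part of the STIG text: it checks the "UMask=" setting in a systemd unit file and shows the modes that umask 0027 gives newly created files and directories. The function names and the sample unit files are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Print the last UMask= value in the [Service] section, or nothing if unset.
unit_umask() {
    awk '
        /^[ \t]*[#;]/ { next }   # skip comment lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*UMask[ \t]*=/ {
            sub(/^[ \t]*UMask[ \t]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); value = $0
        }
        END { if (value != "") print value }
    ' "$1"
}

# Echo "compliant" or "non-compliant: <reason>"; return 0 only when the mask is 0027.
check_umask() {
    value=$(unit_umask "$1")
    if [ -z "$value" ]; then
        echo "non-compliant: UMask not set (systemd default 0022 applies)"; return 1
    fi
    case $value in
        *[!0-7]*) echo "non-compliant: invalid value '$value'"; return 1 ;;
    esac
    # Compare as octal numbers so that 027 and 0027 are treated alike.
    if [ "$((0$value))" -eq "$((0027))" ]; then echo "compliant"; return 0; fi
    echo "non-compliant: UMask=$value"; return 1
}

# Show the modes a process running with the given umask gives new files and directories.
modes_under_umask() (
    umask "$1"; d=$(mktemp -d) && cd "$d" || exit 1
    : > catalina.out; mkdir webapp
    echo "file=$(stat -c %a catalina.out) dir=$(stat -c %a webapp)"
    cd / && rm -rf "$d"
)

# Constructed sample unit files (not taken from a real host).
tmp=$(mktemp -d)
printf '[Unit]\nDescription=Tomcat\n[Service]\nUser=tomcat\nUMask =0027\n' > "$tmp/good.service"
printf '[Service]\nUser=tomcat\n# UMask=0027\nUMask=0022\n' > "$tmp/bad.service"
for f in "$tmp"/*.service; do
    echo "$(basename "$f"): $(check_umask "$f" || true)"
done
modes_under_umask 0027
rm -rf "$tmp"
```

The script reads only the file it is given, so settings in drop-in override files are not considered.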
