Application user name must be logged.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
low	V-222985	SRG-APP-000343-AS-000030	TCAT-AS-001080	SV-222985r961362_rule	2025-02-11	3

Description
The access logfile format is defined within a Valve that implements the org.apache.catalina.valves.AccessLogValve interface within the /opt/tomcat/server.xml configuration file: The %u pattern code is included in the pattern element and logs the username used to authenticate to an application. Including the username pattern in the log configuration provides useful information about the application user who is logging in, which is critical for troubleshooting and forensic investigations.

Description

The access logfile format is defined within a Valve that implements the org.apache.catalina.valves.AccessLogValve interface within the /opt/tomcat/server.xml configuration file: The %u pattern code is included in the pattern element and logs the username used to authenticate to an application. Including the username pattern in the log configuration provides useful information about the application user who is logging in, which is critical for troubleshooting and forensic investigations.

ℹ️ Check
As an elevated user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Review all "Valve" elements. If the pattern= statement does not include %u, this is a finding. EXAMPLE: <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... </Host>

ℹ️ Check

As an elevated user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Review all "Valve" elements. If the pattern= statement does not include %u, this is a finding. EXAMPLE: <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... </Host>

✔️ Fix
As a privileged user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Modify the <Valve> element that is nested beneath the <Host> element. Change the AccessLogValve setting to include %u in the pattern= statement. EXAMPLE: <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... </Host> Restart the Tomcat server: sudo systemctl restart tomcat sudo systemctl daemon-reload

✔️ Fix

As a privileged user on the Tomcat server: Edit the $CATALINA_BASE/conf/server.xml file. Modify the <Valve> element that is nested beneath the <Host> element. Change the AccessLogValve setting to include %u in the pattern= statement. EXAMPLE: <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> ... <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %t %u "%r" %s %b" /> ... </Host> Restart the Tomcat server: sudo systemctl restart tomcat sudo systemctl daemon-reload