'TCAT-AS-001220 - $CATALINA_BASE/conf/ folder must be owned by root, group tomcat.' (Vuln ID: V-222987)
'TCAT-AS-001200 - $CATALINA_HOME folder must be owned by the root user, group tomcat.' (Vuln ID: V-222986)
Release : 21.2
The changes proposed in this finding/STIG item can be done.
Broadcom tested these changes internally and the product still functions normally.
The specified directories can be changed to root ownership and 'Spectrum Install' group.
As with implementing most STIG suggestion items, there will be some pain points associated with this.
Root access would be required to make any changes to the files within the "conf" directory.
Upgrades may also be affected if using a non-root user.
Support would recommend adding steps to the upgrade process for customers who perform this STIG.
Change ownership back to the Spectrum Install owner, perform the upgrade, and after successful upgrade the ownership can be changed back to root.