We are having a big push at my company to run CIS compliance scans on all of our systems. As part of this I’m trying to run compliance scans on the Apache TomCat webservers we have running however when I try to run the scans they fail due to issues with the CPE. When I look at the check that is in place for the CPE for the file location it shows
File Specification
filepathequals
I’m also seeing that a lot of the compliance checks themselves also are showing items marked as
This is for the CIS Policy identified as CIS Apache Tomcat 8.0 Benchmark v1.0.1. I’m going to open up a support ticket with Rapid7 as well but just wanted to see if anyone here had been successful with TomCat compliance? Thank you.