Check: TCAT-AS-000580
Apache Tomcat 9 STIG:
TCAT-AS-000580
(in version v1 r0.1)
Title
Documentation must be removed. (Cat III impact)
Discussion
Tomcat provides documentation and other directories in the default installation which do not serve a production use. These files must be deleted.
Check Content
From the Tomcat server OS type the following command: sudo ls -l $CATALINA_HOME/webapps/docs. If the docs folder exists or contains any content, this is a finding.
Fix Text
From the Tomcat server OS type the following command: sudo rm -rf $CATALINA_HOME/webapps/docs
Additional Identifiers
Rule ID: TCAT-AS-000580_rule
Vulnerability ID: TCAT-AS-000580
Group Title: SRG-APP-000141-AS-000095
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-7 |
Least Functionality |