Check: TCAT-AS-000560
Apache Tomcat 9 STIG:
TCAT-AS-000560
(in version v1 r0.1)
Title
Example applications must be removed. (Cat III impact)
Discussion
Tomcat provides example applications, documentation, and other directories in the default installation which do not serve a production use. These files must be deleted.
Check Content
From the Tomcat server OS type the following command: sudo ls -l $CATALINA_HOME/webapps/examples. If the examples folder exists or contains any content, this is a finding.
Fix Text
From the Tomcat server OS type the following command: sudo rm -rf $CATALINA_HOME/webapps/examples
Additional Identifiers
Rule ID: TCAT-AS-000560_rule
Vulnerability ID: TCAT-AS-000560
Group Title: SRG-APP-000141-AS-000095
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-7 |
Least Functionality |