Check: TCAT-AS-000580
Apache Tomcat Application Server 9 STIG:
TCAT-AS-000580
(in versions v2 r7 through v1 r1)
Title
Documentation must be removed. (Cat III impact)
Discussion
Tomcat provides documentation and other directories in the default installation which do not serve a production use. These files must be deleted.
Check Content
From the Tomcat server OS type the following command: sudo ls -l $CATALINA_BASE/webapps/docs. If the docs folder exists or contains any content, this is a finding.
Fix Text
From the Tomcat server OS type the following command: sudo rm -rf $CATALINA_BASE/webapps/docs
Additional Identifiers
Rule ID: SV-222960r879587_rule
Vulnerability ID: V-222960
Group Title: SRG-APP-000141-AS-000095
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-7 |
Least Functionality |