10.1 Ensure Web content directory is on a separate partition from the Tomcat system files (verify Web content directory)

Information

The web document directory is where the files which are served to the end user reside. In the past, directory traversal exploits have allowed malicious users to play havoc on a web server including executing code, uploading files, and reading sensitive data. Even if you do not have any directory traversal exploits in your server or code at this time, that doesn't mean they won't be introduced in the future. Moving your web document directory onto a different partition will prevent these kinds of attacks from doing more damage to other part of the file system.

Solution

Move the web content files to a separate partition from the tomcat system files and update your configuration.

See Also

https://workbench.cisecurity.org/files/266

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: f2ff5f0e901cb916eca16851d1affc127b91c5e24411380c913f25127b9133db