10.1 Ensure Web content directory is on a separate partition from the Tomcat system files - verify Web content directory

Information

Store web content on a separate partition from Tomcat system files.

Rationale:

The web document directory is where the files served to the end user reside. In the past, directory traversal exploits have allowed malicious users to wreak havoc on a web server, including executing code, uploading files, and reading sensitive data. Even if your server or code has no directory traversal vulnerabilities at this time, that doesn't mean they won't be introduced in the future. Moving your web document directory onto a different partition will prevent these kinds of attacks from doing more damage to other parts of the file system.

Solution

Move the web content files to a separate partition from the Tomcat system files and update your configuration.
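
One way to verify the result after the move, as an added example that is not part of the benchmark or its audit plugin: the script compares the filesystem device IDs of the two directories. The function names and the two path arguments are hypothetical, and it assumes Linux with a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: check that the web content directory and the Tomcat
# installation directory live on different filesystems.
# Assumption: Linux `stat` with -c support (GNU coreutils or BusyBox).

# Print the device ID of the filesystem holding directory $1.
# Fails if $1 is not a directory.
fs_device_id() {
    [ -d "$1" ] || return 1
    # -L follows symlinks, so a symlinked content directory is judged
    # by where its target actually resides.
    stat -L -c '%d' -- "$1"
}

# check_separation CONTENT_DIR TOMCAT_DIR
# Returns 0 if the directories are on different filesystems (pass),
# 1 if they share one (fail), 2 if either path is not a directory.
# Note: a bind mount of the same device reports the same ID and fails,
# which is the conservative outcome for this check.
check_separation() {
    content_dev=$(fs_device_id "$1") || {
        echo "ERROR: not a directory: $1" >&2; return 2; }
    tomcat_dev=$(fs_device_id "$2") || {
        echo "ERROR: not a directory: $2" >&2; return 2; }
    if [ "$content_dev" = "$tomcat_dev" ]; then
        echo "FAIL: $1 and $2 share filesystem device $content_dev"
        return 1
    fi
    echo "PASS: $1 (device $content_dev) is separate from $2 (device $tomcat_dev)"
    return 0
}

# Usage: sh check_separation.sh /path/to/web/content /path/to/tomcat
if [ "$#" -eq 2 ]; then
    check_separation "$1" "$2"
fi
```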

Default Value:

Not Applicable

See Also

https://workbench.cisecurity.org/files/2506

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-3, CSCv7|2.10

Plugin: Unix

Control ID: 8767360f1b66993a49c4824f4f29d5789b41df7864d97ffee368231e5bc64819