WG210 A22 - Web content directories must not be anonymously shared.

Information

Sharing web content is a security risk when a web server is involved. Users accessing the share anonymously could experience privileged access to the content of such directories. Network sharable directories expose those directories and their contents to unnecessary access. Any unnecessary exposure increases the risk that someone could exploit that access and either compromises the web content or cause web server performance problems.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Remove the shares from the applicable directories.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, Rule-ID|SV-33022r1_rule, STIG-ID|WG210_A22, Vuln-ID|V-2226

Plugin: Unix

Control ID: 0315244e600c0ec84d756b1a822c50c12a4df567fc78efdd3a36d8c4de237f64