Web Content Directories Must Not Be Shared Anonymously
An XCCDF Rule
Description
Web content directories should not be shared anonymously over remote filesystems
such as nfs and smb. Remove the shares from the applicable
directories.
Rationale
Sharing web content is a security risk when a web server is involved. Users accessing the share anonymously could experience privileged access to the content of such directories. Network sharable directories expose those directories and their contents to unnecessary access. Any unnecessary exposure increases the risk that someone could exploit that access and either compromises the web content or cause web server performance problems.
- ID
- xccdf_org.ssgproject.content_rule_httpd_anonymous_content_sharing
- Severity
- Medium
- References
- Updated