{"description": "It is important to segregate public web server resources from private\nresources located behind a DMZ in order to protect private\nassets.", "rationale": "When folders, drives, or other resources are directly shared between the\npublic web server and private servers the intent of data and resource\nsegregation can be compromised.\n\nIn addition to the requirements of the DoD Internet-NIPRNet DMZ STIG that\nisolates inbound traffic from external network to the internal network,\nresources such as printers, files, and folders/directories will not be\nshared between public web servers and assets located within the internal\nnetwork.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "sharing is selected for any web folder, this is a finding.\n\nIf private resources (e.g. drives, partitions, folders/directories,\nprinters, etc.) are sharedw ith the public web server", "ocil": "Configure the public web server to not have a trusted relationship with\nany system resources that is also not accessible to the public. Web\ncontent is not to be shared via Microsoft shares or NFS mounts.\n\nDetermine whether the public web server has a two-way trust relationship\nwith any private asset located within the network. Private web server\nresources (e.g. drives, folders, printers, etc.) will not be directly\nmapped to or shared with public web servers.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Public web server resources must not be shared with private assets", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml", "template": null}