{"description": "Web content directories should not be shared anonymously over remote filesystems\nsuch as <tt>nfs</tt> and <tt>smb</tt>. Remove the shares from the applicable\ndirectories.", "rationale": "Sharing web content is a security risk when a web server is involved. Users\naccessing the share anonymously could experience privileged access to the\ncontent of such directories. Network sharable directories expose those\ndirectories and their contents to unnecessary access. Any unnecessary exposure\nincreases the risk that someone could exploit that access and either compromises\nthe web content or cause web server performance problems.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "To verify that web content directories should not be shared anonymously over\nremote filesystems such as <tt>nfs</tt> and <tt>smb</tt>, inspect each instance\nof <tt>DocumentRoot</tt> and <tt>serverRoot</tt> and verify that no entry in\n<tt>/etc/fstab</tt> exists or no remote filesystem process is running for\nany instance.\n<pre>$ ps -ef | grep \"nfs\\|smb\"</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Web Content Directories Must Not Be Shared Anonymously", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml", "template": null}