{"description": "The <tt>DocumentRoot</tt> directory is used for storing web content and data.\nEnsure that the <tt>DocumentRoot</tt> directory exists on a separate logical\nvolume at installation time, or migrate it using LVM.", "rationale": "Application partitioning enables an additional security measure by securing\nuser traffic under one security context, while managing system and application\nfiles under another. Web content is accessible to an anonymous web user. For such\nan account to have access to system files of any type is a major security risk\nthat can and should be avoided. Failure to partition the system files from the\nweb site documents increases the risk of attack via directory traversal, or of impeded\nweb site availability due to drive space exhaustion.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "To verify that each web content directory exists on separate partitions,\nrun the following command:\n<pre>$ grep `grep -i documentroot /etc/httpd/conf/httpd.conf | awk -F'\"' '{print $2}'` /etc/fstab</pre>\nEach of the corresponding <tt>DocumentRoot</tt> entries should have a\ncorresponding entry in <tt>/etc/fstab</tt>.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "not container", "platforms": ["not container"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["not_container"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Ensure Web Content Located on Separate partition", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml", "template": null}