Details
The Jetty installation may provide sample demos of applications, documentation, and other directories which may not serve a production use.
Removing sample resources is a defense in depth measure that reduces potential exposures introduced by these resources.
Solution
Perform the following to remove extraneous resources:
1) The following should yield no output:
$ rm -rf $JETTY_BASE/webapps/js-examples
$JETTY_BASE/webapps/servlet-example
$JETTY_BASE/webapps/webdev
$JETTY_BASE/webapps/-docs
$JETTY_BASE/webapps/balancer
$JETTY_BASE/webapps/ROOT/admin
$JETTY_BASE/webapps/examples
2) If the Manager application is not utilized, also remove the following resources: $ rm rf $JETTY_HOME/server/webapps/host-manager $JETTY_HOME/server/webapps/manager $JETTY_HOME/conf/JETTY/localhost/host-manager.xml $JETTY_HOME/conf/JETTY/localhost/manager.xml
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.