STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to MarkLogic Server v9 Security Technical Implementation Guide

V-220357

CAT II (Medium)

MarkLogic Server software, including configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications.

Rule ID

SV-220357r960960_rule

STIG

MarkLogic Server v9 Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-001499

Discussion

When dealing with change control issues, it should be noted any changes to the hardware, software, and/or firmware components of the information system and/or application could potentially have significant effects on the overall security of the system. Multiple applications can provide a cumulative negative effect. A vulnerability and subsequent exploit to one application can lead to an exploit of other applications sharing the same security context. For example, an exploit to a web server process that leads to unauthorized administrative access to host system directories can most likely lead to a compromise of all applications hosted by the same system. Database software not installed using dedicated directories both threatens, and is threatened by, other hosted applications. Access controls defined for one application may by default provide access to the other application's database objects or directories. Any method that provides any level of separation of security context assists in the protection between applications.

Check Content

Only applications required for the functioning and administration, not use of, MarkLogic should be located in the same disk directory as the MarkLogic software libraries. Review the MarkLogic software library directories /opt/MarkLogic and /var/opt/MarkLogic and note other root directories located on the same disk directory or any subdirectories.

If any non-MarkLogic software directories exist on the disk directory, examine or investigate their use. If any of the directories are used by other applications, including third-party applications that use MarkLogic, this is a finding.

At a command prompt on the MarkLogic system, run the following commands:
> ls /opt/MarkLogic

If any directories exist that are not in the list below, this is a finding.
Admin bin FlexRep include Lang Messages 
Apps Config HealthCheck Installer mlcmd Plugins
Assets Converters java lib Modules Samples

At a command prompt on the MarkLogic system, run the following commands:
> ls /var/opt/MarkLogic

If any directories exist that are not in the list below, this is a finding.
kms Lib run Stage
Forests Journals Label Logs Temp

If other software is installed in those directories and is not approved by Org Policy, this is a finding.

Fix Text

Only applications that are required for the functioning and administration, not use of, MarkLogic should be located in the same disk directory as the MarkLogic software libraries. Review the MarkLogic software library directories /opt/MarkLogic and /var/opt/MarkLogic and note other root directories located on the same disk directory or any subdirectories.

Remove any other applications, including third-party applications that use MarkLogic that are not approved by Org Policy.

At a command prompt on the MarkLogic system, run the following commands:
If the software was installed via yum/rpm
> sudo yum remove [Software-Package-Name]
If the software was installed via unzip/untar.
> sudo rm -r [/path/to/unauthorized/software]