STIGQter STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

Anonymous user access to the Apache web server application directories must be prohibited.

DISA Rule

SV-102617r1_rule

Vulnerability Number

V-92529

Group Title

SRG-APP-000211-WSR-000031

Rule Version

AS24-W2-000440

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Ensure non-administrators are not allowed access to the directory tree, the shell, or other operating system functions and utilities.

Check Contents

Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the System Administrator (SA) or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are present, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

Vulnerability Number

V-92529

Documentable

False

Rule Version

AS24-W2-000440

Severity Override Guidance

Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the System Administrator (SA) or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are present, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

Check Content Reference

M

Target Key

3419

Comments