STIGQter STIGQter: STIG Summary: Apache Server 2.4 Windows Site Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Apache web server document directory must be in a separate partition from the Apache web servers system files.

DISA Rule

SV-102637r1_rule

Vulnerability Number

V-92549

Group Title

SRG-APP-000233-WSR-000146

Rule Version

AS24-W2-000580

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the public web server to not have a trusted relationship with any system resource that is also not accessible to the public. Web content is not to be shared via Microsoft shares or NFS mounts.

Check Contents

Determine whether the public web server has a two-way trusted relationship with any private asset located within the network. Private web server resources (e.g., drives, folders, printers, etc.) will not be directly mapped to or shared with public web servers.

If sharing is selected for any web folder, this is a finding.

If private resources (e.g., drives, partitions, folders/directories, printers, etc.) are shared with the public web server, this is a finding.

Vulnerability Number

V-92549

Documentable

False

Rule Version

AS24-W2-000580

Severity Override Guidance

Determine whether the public web server has a two-way trusted relationship with any private asset located within the network. Private web server resources (e.g., drives, folders, printers, etc.) will not be directly mapped to or shared with public web servers.

If sharing is selected for any web folder, this is a finding.

If private resources (e.g., drives, partitions, folders/directories, printers, etc.) are shared with the public web server, this is a finding.

Check Content Reference

M

Target Key

3419

Comments