STIGQter STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.

DISA Rule

SV-214248r612240_rule

Vulnerability Number

V-214248

Group Title

SRG-APP-000211-WSR-000031

Rule Version

AS24-U1-000440

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Ensure non-administrators are not allowed access to the directory tree, the shell, or other operating system functions and utilities.

Check Contents

Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the SA or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are present, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

Vulnerability Number

V-214248

Documentable

False

Rule Version

AS24-U1-000440

Severity Override Guidance

Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the SA or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are present, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

Check Content Reference

M

Target Key

3996

Comments