STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Apache web server must be configured to use a specified IP address and port.

DISA Rule

SV-214285r612241_rule

Vulnerability Number

V-214285

Group Title

SRG-APP-000142-WSR-000089

Rule Version

AS24-U2-000360

Severity

CAT II

CCI(s)

CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

Fix Recommendation

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Set each "VirtualHost" directive to listen to on a specific IP address and port.

Check Contents

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Verify that for each "VirtualHost" directive, there is an IP address and port.

If there is not, this is a finding.

Vulnerability Number

V-214285

Documentable

False

Rule Version

AS24-U2-000360

Severity Override Guidance

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Verify that for each "VirtualHost" directive, there is an IP address and port.

If there is not, this is a finding.

Check Content Reference

Target Key

3997

The Apache web server must be configured to use a specified IP address and port.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments