STIGQter STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Apache web server application, libraries, and configuration files must only be accessible to privileged users.

DISA Rule

SV-214299r612241_rule

Vulnerability Number

V-214299

Group Title

SRG-APP-000380-WSR-000072

Rule Version

AS24-U2-000780

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure non-administrators are not allowed access to the directory tree, the shell, or other operating system functions and utilities.

Check Contents

Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the System Administrator (SA) or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are found, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

Vulnerability Number

V-214299

Documentable

False

Rule Version

AS24-U2-000780

Severity Override Guidance

Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the System Administrator (SA) or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are found, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

Check Content Reference

M

Target Key

3997

Comments