STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Web administration tools must be restricted to the web manager and the web manager’s designees.

DISA Rule

SV-32948r2_rule

Vulnerability Number

V-2248

Group Title

WG220

Rule Version

WG220 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Restrict access to the web administration tool to only the web manager and the web manager’s designees.

Check Contents

Determine which tool or control file is used to control the configuration of the web server.

If the control of the web server is done via control files, verify who has update access to them. If tools are being used to configure the web server, determine who has access to execute the tools.

If accounts other than the SA, the web manager, or the web manager designees have access to the web administration tool or control files, this is a finding.

Vulnerability Number

V-2248

Documentable

False

Rule Version

WG220 A22

Severity Override Guidance

Determine which tool or control file is used to control the configuration of the web server.

If the control of the web server is done via control files, verify who has update access to them. If tools are being used to configure the web server, determine who has access to execute the tools.

If accounts other than the SA, the web manager, or the web manager designees have access to the web administration tool or control files, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments