STIGQter STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

A web server must be segregated from other services.

DISA Rule

SV-32950r1_rule

Vulnerability Number

V-6577

Group Title

WG204

Rule Version

WG204 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Move or install additional services and applications to partitions that are not the operating system root or the web document root.

Check Contents

Request a copy of and review the web server’s installation and configuration plan. Ensure that the server is in compliance with this plan. If the server is not in compliance with the plan, this is a finding.

Query the SA to ascertain if and where the additional services are installed.

Confirm that the additional service or application is not installed on the same partition as the operating systems root directory or the web document root. If it is, this is a finding.

Vulnerability Number

V-6577

Documentable

False

Rule Version

WG204 A22

Severity Override Guidance

Request a copy of and review the web server’s installation and configuration plan. Ensure that the server is in compliance with this plan. If the server is not in compliance with the plan, this is a finding.

Query the SA to ascertain if and where the additional services are installed.

Confirm that the additional service or application is not installed on the same partition as the operating systems root directory or the web document root. If it is, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments