STIGQter: STIG Summary: APACHE 2.2 Site for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Web content directories must not be anonymously shared.

DISA Rule

SV-33022r1_rule

Vulnerability Number

V-2226

Group Title

WG210

Rule Version

WG210 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove the shares from the applicable directories.

Check Contents

To view the DocumentRoot enter the following command:

grep "DocumentRoot" /usr/local/apache2/conf/httpd.conf

To view the ServerRoot enter the following command:

grep "serverRoot" /usr/local/apache2/conf/httpd.conf

Note the location following the DocumentRoot and ServerRoot directives.

Enter the following commands to determine if file sharing is running:

ps -ef | grep nfs, ps -ef | grep smb

If results are returned, determine the shares and confirm they are not in the same directory as listed above, If they are, this is a finding.

Vulnerability Number

V-2226

Documentable

False

Rule Version

WG210 A22

Severity Override Guidance

To view the DocumentRoot enter the following command:

grep "DocumentRoot" /usr/local/apache2/conf/httpd.conf

To view the ServerRoot enter the following command:

grep "serverRoot" /usr/local/apache2/conf/httpd.conf

Note the location following the DocumentRoot and ServerRoot directives.

Enter the following commands to determine if file sharing is running:

ps -ef | grep nfs, ps -ef | grep smb

If results are returned, determine the shares and confirm they are not in the same directory as listed above, If they are, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments