STIGQter STIGQter: STIG Summary: APACHE SITE 2.0 for Unix Version: 1 Release: 5 Benchmark Date: 23 Oct 2015: Web client access to the content directories must be restricted to read and execute.

DISA Rule

SV-33027r1_rule

Vulnerability Number

V-2258

Group Title

WG290

Rule Version

WG290 A22

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Assign the appropriate permissions to the applicable directories and files using the chmod command.

Check Contents

To view the value of Alias enter the following command:

grep "Alias" /usr/local/apache2/conf/httpd.conf

Alias
ScriptAlias
ScriptAliasMatch

Review the results to determine the location of the files listed above.

Enter the following command to determine the permissions of the above file:

ls -Ll /file-path

The only accounts listed should be the web administrator, developers, and the account assigned to run the apache server service.
If accounts that don’t need access to these directories are listed, this is a finding.
If the permissions assigned to the account for the Apache web server service is greater than Read & Execute (R_E), this is a finding.

Vulnerability Number

V-2258

Documentable

False

Rule Version

WG290 A22

Severity Override Guidance

To view the value of Alias enter the following command:

grep "Alias" /usr/local/apache2/conf/httpd.conf

Alias
ScriptAlias
ScriptAliasMatch

Review the results to determine the location of the files listed above.

Enter the following command to determine the permissions of the above file:

ls -Ll /file-path

The only accounts listed should be the web administrator, developers, and the account assigned to run the apache server service.
If accounts that don’t need access to these directories are listed, this is a finding.
If the permissions assigned to the account for the Apache web server service is greater than Read & Execute (R_E), this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

2100

Comments