STIGQter: STIG Summary: APACHE 2.2 Site for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The web document (home) directory must be in a separate partition from the web server’s system files.

DISA Rule

SV-33108r1_rule

Vulnerability Number

V-3333

Group Title

WG205

Rule Version

WG205 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Move the web server system files including the web document root (home) and log directories to a separate partition, other than the OS partition.

Check Contents

Verify that installation directories for Apache HTTP server are located on another partition, other than the OS partition.

Locate the Apache httpd.conf file.

If unable to locate the file, perform a search of the system to find the location of the file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directives: DocumentRoot, ErrorLog, CustomLog

Note the location specified for each of the directives.

If the path for any of the directives is on the same partition as the web server operating system files, this is a finding.

Vulnerability Number

V-3333

Documentable

False

Rule Version

WG205 W22

Severity Override Guidance

Verify that installation directories for Apache HTTP server are located on another partition, other than the OS partition.

Locate the Apache httpd.conf file.

If unable to locate the file, perform a search of the system to find the location of the file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directives: DocumentRoot, ErrorLog, CustomLog

Note the location specified for each of the directives.

If the path for any of the directives is on the same partition as the web server operating system files, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

161

Comments