STIGQter STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The process ID (PID) file must be properly secured.

DISA Rule

SV-33177r1_rule

Vulnerability Number

V-26305

Group Title

WA00530

Rule Version

WA00530 W22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Modify the location and/or permissions for the PID file and/or folder.

Check Contents

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as Notepad, and search for the following directive: PidFile

Note the location and name of the PID file
If the PID file location is not specified in the conf file, use the \logs directory as the PID file location.

Verify the permissions on the folder containing the PID file. If any user accounts other than administrator, auditor, or the account used to run the web server has permission to this file, this is a finding. If the PID file is located in the web server DocumentRoot this is a finding.

Vulnerability Number

V-26305

Documentable

False

Rule Version

WA00530 W22

Severity Override Guidance

Locate the Apache httpd.conf file.

Open the httpd.conf file with an editor such as Notepad, and search for the following directive: PidFile

Note the location and name of the PID file
If the PID file location is not specified in the conf file, use the \logs directory as the PID file location.

Verify the permissions on the folder containing the PID file. If any user accounts other than administrator, auditor, or the account used to run the web server has permission to this file, this is a finding. If the PID file is located in the web server DocumentRoot this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments