STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Active software modules must be minimized.

DISA Rule

SV-33215r1_rule

Vulnerability Number

V-26285

Group Title

WA00500

Rule Version

WA00500 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Disable any modules that are not needed.

Check Contents

Enter the following command:

/usr/local/Apache2.2/bin/httpd –M

This will provide a list of the loaded modules. Validate that all displayed modules are required for operations. If any module is not required for operation, this is a finding.

Note: The following modules are needed for basic web function and do not need to be reviewed:

core_module
http_module
so_module
mpm_prefork_module

Vulnerability Number

V-26285

Documentable

False

Rule Version

WA00500 A22

Severity Override Guidance

Enter the following command:

/usr/local/Apache2.2/bin/httpd –M

This will provide a list of the loaded modules. Validate that all displayed modules are required for operations. If any module is not required for operation, this is a finding.

Note: The following modules are needed for basic web function and do not need to be reviewed:

core_module
http_module
so_module
mpm_prefork_module

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments