STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Administrators must be the only users allowed access to the directory tree, the shell, or other operating system functions and utilities.

DISA Rule

SV-36456r2_rule

Vulnerability Number

V-2247

Group Title

WG200

Rule Version

WG200 A22

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure non-administrators are not allowed access to the directory tree, the shell, or other operating system functions and utilities.

Check Contents

Obtain a list of the user accounts for the system, noting the priviledges for each account.

Verify with the system administrator or the ISSO that all privileged accounts are mission essential and documented.

Verify with the system administrator or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are found, this is a finding.

If undocumented access to shell scripts or operating system functions is found, this is a finding.

Vulnerability Number

V-2247

Documentable

False

Rule Version

WG200 A22

Severity Override Guidance

Obtain a list of the user accounts for the system, noting the priviledges for each account.

Verify with the system administrator or the ISSO that all privileged accounts are mission essential and documented.

Verify with the system administrator or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are found, this is a finding.

If undocumented access to shell scripts or operating system functions is found, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments