STIGQter: STIG Summary: APACHE 2.2 Site for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019

Anonymous FTP user access to interactive scripts is prohibited.

DISA Rule

SV-36641r1_rule

Vulnerability Number

V-2270

Group Title

WG430

Rule Version

WG430 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the CGI, the cgi-bin, or the cgi-shl directories can be accessed via FTP by any group or user that does not require access, remove permissions to such directories for all but the web administrators and the SAs. Ensure that any such access employs an encrypted connection.

Check Contents

Locate the directories containing the CGI scripts. These directories should be language-specific (e.g., PERL, ASP, JS, JSP, etc.).

Using ls -al, examine the file permissions on the CGI, the cgi-bin, and the cgi-shl directories.

Anonymous FTP users must not have access to these directories.

If the CGI, the cgi-bin, or the cgi-shl directories can be accessed by any group that does not require access, this is a finding.
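The check above can be scripted. The following is an added example, not part of the STIG: it reads the same mode and group fields that ls -al shows and flags any CGI directory or entry that is open to "other" or to a group outside an allow-list. The ALLOWED_GROUPS default (root webadmin) and the function names are assumptions to adapt to the site.

```shell
#!/bin/sh
# Added example: flag CGI directories (and their entries) that are reachable
# by accounts other than web administrators and SAs.
# ALLOWED_GROUPS is an assumption: replace it with the site's admin groups.
ALLOWED_GROUPS="${ALLOWED_GROUPS:-root webadmin}"

# audit_path PATH: prints one result line; returns 0 if OK, 1 on a finding.
audit_path() {
    path=$1
    # ls -ldL fields: mode, link count, owner, group, ... (-L follows symlinks)
    set -- $(ls -ldL "$path")
    mode=$1 group=$4
    grp_bits=$(printf '%s' "$mode" | cut -c5-7 | sed 's/[ST]/-/')
    oth_bits=$(printf '%s' "$mode" | cut -c8-10 | sed 's/[ST]/-/')

    # Any "other" bit is usable by non-members, which includes the
    # anonymous FTP account unless it was added to the owning group.
    if [ "$oth_bits" != "---" ]; then
        echo "FINDING $path: other=$oth_bits ($mode)"
        return 1
    fi
    # Group access is acceptable only for groups that require it.
    if [ "$grp_bits" != "---" ]; then
        case " $ALLOWED_GROUPS " in
            *" $group "*) ;;
            *) echo "FINDING $path: group $group has $grp_bits ($mode)"
               return 1 ;;
        esac
    fi
    echo "OK      $path ($mode $group)"
    return 0
}

# audit_cgi_dir DIR: checks DIR itself and each non-hidden entry in it.
audit_cgi_dir() {
    rc=0
    for p in "$1" "$1"/*; do
        [ -e "$p" ] || continue
        audit_path "$p" || rc=1
    done
    return $rc
}

# Usage: sh audit_cgi.sh /path/to/cgi-bin /path/to/cgi-shl
for d in "$@"; do
    audit_cgi_dir "$d" || true
done
```

A trailing + in the mode string means an ACL is present; the script does not evaluate ACLs, so those entries need a separate review.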

Documentable

False

Severity Override Guidance

Locate the directories containing the CGI scripts. These directories should be language-specific (e.g., PERL, ASP, JS, JSP, etc.).

Using ls -al, examine the file permissions on the CGI, the cgi-bin, and the cgi-shl directories.

Anonymous FTP users must not have access to these directories.

If the CGI, the cgi-bin, or the cgi-shl directories can be accessed by any group that does not require access, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments