STIGQter STIGQter: STIG Summary: APACHE Server 2.0 for Unix Version: 1 Release: 5 Benchmark Date: 23 Oct 2015: The httpd.conf StartServers directive must be set properly.

DISA Rule

SV-36645r2_rule

Vulnerability Number

V-13727

Group Title

WA000-WWA026

Rule Version

WA000-WWA026 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open the httpd.conf file with an editor and search for the following directive:

StartServer

Set the directive to a value between 5 and 10, add the directive if it does not exist.

It is recommended that the directive be explicitly set to prevent unexpected results if the defaults change with updated software.

Check Contents

Locate the Apache httpd.conf file. If you cannot locate the file, you can do a search of the drive to find the location of the file.

Open the httpd.conf file with an editor and search for the following directive:

StartServers

The value needs to be between 5 and 10

If the directive is set improperly, this is a finding.

If the directive does not exist, this is NOT a finding because it will default to 5. It is recommended that the directive be explicitly set to prevent unexpected results if the defaults change with updated software.

NOTE: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of increased or decreased value. If the site has this documentation, this should be marked as Not a Finding.

Vulnerability Number

V-13727

Documentable

False

Rule Version

WA000-WWA026 A22

Severity Override Guidance

Locate the Apache httpd.conf file. If you cannot locate the file, you can do a search of the drive to find the location of the file.

Open the httpd.conf file with an editor and search for the following directive:

StartServers

The value needs to be between 5 and 10

If the directive is set improperly, this is a finding.

If the directive does not exist, this is NOT a finding because it will default to 5. It is recommended that the directive be explicitly set to prevent unexpected results if the defaults change with updated software.

NOTE: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of increased or decreased value. If the site has this documentation, this should be marked as Not a Finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

2099

Comments