STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The Apache web server must be protected from being stopped by a non-privileged user.

DISA Rule

SV-214267r612240_rule

Vulnerability Number

V-214267

Group Title

SRG-APP-000435-WSR-000147

Rule Version

AS24-U1-000820

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server.

Determine where the "httpd.pid" file is located by running the following command:

find / -name "httpd.pid"

Run the following commands:
 
# cd <'httpd.pid location'>/
# chown <'service account'> httpd.pid 
# chmod 644 httpd.pid 
# cd /usr/sbin 
# chown <'service account'> service apachectl 
# chmod 755 service apachectl

Check Contents

Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server.

Determine where the "httpd.pid" file is located by running the following command:

find / -name "httpd.pid"
 
This file is automatically generated upon service start. Verify the file owner/group is of an administrative service account:
 
ls -lah <'httpd.pid location'>/httpd.pid
 
If the file owner/group is not an administrative service account, this is a finding.
 
Verify the service utilities used to manage the Apache service owner/group is of an administrative service account.
 
ls -lah /usr/sbin/service
ls -lah /usr/sbin/apachectl
 
If the service utilities owner/group is not an administrative service account, this is a finding.
 
Determine whether the process ID and the utilities are protected from non-privileged users.
 
If the process ID and the utilities are not protected from non-privileged users, this is a finding.

Vulnerability Number

V-214267

Documentable

False

Rule Version

AS24-U1-000820

Severity Override Guidance

Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server.

Determine where the "httpd.pid" file is located by running the following command:

find / -name "httpd.pid"
 
This file is automatically generated upon service start. Verify the file owner/group is of an administrative service account:
 
ls -lah <'httpd.pid location'>/httpd.pid
 
If the file owner/group is not an administrative service account, this is a finding.
 
Verify the service utilities used to manage the Apache service owner/group is of an administrative service account.
 
ls -lah /usr/sbin/service
ls -lah /usr/sbin/apachectl
 
If the service utilities owner/group is not an administrative service account, this is a finding.
 
Determine whether the process ID and the utilities are protected from non-privileged users.
 
If the process ID and the utilities are not protected from non-privileged users, this is a finding.

Check Content Reference

M

Target Key

3996

Comments