SV-214271r612240_rule
V-214271
SRG-APP-000516-WSR-000079
AS24-U1-000940
CAT I
10
Update the /etc/passwd file to assign the account used to run the "httpd" process an invalid login shell such as "/sbin/nologin".
Lock the account used to run the "httpd" process:
# passwd -l <account>
Locking password for user <account>
passwd: Success
Identify the account that is running the "httpd" process:
# ps -ef | grep -i httpd | grep -v grep
apache 29613 996 0 Feb17 ? 00:00:00 /usr/sbin/httpd
apache 29614 996 0 Feb17 ? 00:00:00 /usr/sbin/httpd
Check to see if the account has a valid login shell:
# cut -d: -f1,7 /etc/passwd | grep -i <service_account>
apache:/sbin/nologin
If the service account has a valid login shell, verify that no password is configured for the account:
# cut -d: -f1,2 /etc/shadow | grep -i <service_account>
apache:!!
If the account has a valid login shell and a password defined, this is a finding.
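The check above as a script, added here as an example and not part of the STIG text. The function names, the treatment of shells ending in "false" as invalid, the flagging of an empty password field, and the sample accounts and files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: applies the check above to one account, reading
# passwd- and shadow-format files. All sample data is constructed.

# Assumption: shells ending in nologin or false count as invalid login
# shells (the page names only /sbin/nologin as an example).
is_login_shell() {
    case "$1" in
        */nologin|*/false) return 1 ;;
        *) return 0 ;;   # an empty field means the default shell, so it counts
    esac
}

# Prints "finding", "not a finding" or "unknown account".
check_account() {
    acct=$1; passwd_file=$2; shadow_file=$3
    # Exact match on field 1, stricter than the substring match of grep -i.
    shell=$(awk -F: -v a="$acct" '$1 == a { print $7; found = 1 }
        END { exit !found }' "$passwd_file") || { echo "unknown account"; return 0; }
    is_login_shell "$shell" || { echo "not a finding"; return 0; }
    pw=$(awk -F: -v a="$acct" '$1 == a { print $2 }' "$shadow_file")
    case "$pw" in
        '!'*|'*'*) echo "not a finding" ;;   # locked or no usable password
        # Assumption: an empty or missing field is flagged too, because an
        # empty field permits login without a password.
        *) echo "finding" ;;
    esac
}

# Constructed sample files: three accounts covering each outcome.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
websvc:x:1001:1001::/home/websvc:/bin/bash
webadm:x:1002:1002::/home/webadm:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
apache:!!:19000::::::
websvc:!!:19000::::::
webadm:$6$constructedsalt$constructedhash:19000:0:99999:7:::
EOF
for a in apache websvc webadm; do
    printf '%s: %s\n' "$a" "$(check_account "$a" "$tmp/passwd" "$tmp/shadow")"
done
```

On a live system, pass /etc/passwd and /etc/shadow as the file arguments and run as root so the shadow file is readable.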
V-214271
False
AS24-U1-000940
M
3996