STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The Apache web server htpasswd files (if present) must reflect proper ownership and permissions.

DISA Rule

SV-214274r612240_rule

Vulnerability Number

V-214274

Group Title

SRG-APP-000516-WSR-000174

Rule Version

AS24-U1-000970

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Ensure the SA or Web Manager account owns the "htpasswd" file.

Ensure permissions are set to "550".

Check Contents

Locate the htpasswd file by entering the following command:

find / -name htpasswd

Navigate to that directory.

Run: ls -l htpasswd

Permissions should be: r-x r - x - - - (550)

If permissions on "htpasswd" are greater than "550", this is a finding.

Verify the owner is the SA or Web Manager account.

If another account has access to this file, this is a finding.

Vulnerability Number

V-214274

Documentable

False

Rule Version

AS24-U1-000970

Severity Override Guidance

Locate the htpasswd file by entering the following command:

find / -name htpasswd

Navigate to that directory.

Run: ls -l htpasswd

Permissions should be: r-x r - x - - - (550)

If permissions on "htpasswd" are greater than "550", this is a finding.

Verify the owner is the SA or Web Manager account.

If another account has access to this file, this is a finding.

Check Content Reference

M

Target Key

3996

Comments