STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-214281r612241_rule
V-214281
SRG-APP-000141-WSR-000081
AS24-U2-000300
CAT II
10
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Disable MIME types for .exe, .dll, .com, .bat, and .csh programs.
If "Action" or "AddHandler" exist and they configure any of the following (.exe, .dll, .com, .bat, or .csh), remove those references.
Restart Apache: apachectl restart
Ensure this process is documented and approved by the ISSO.
In a command line, run "httpd -M | grep -i ssl_module".
If the "ssl_module" is not enabled, this is a finding.
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
If "Action" or "AddHandler" exist and they configure .exe, .dll, .com, .bat, or .csh, or any other shell as a viewer for documents, this is a finding.
If this is not documented and approved by the Information System Security Officer (ISSO), this is a finding.
V-214281
False
AS24-U2-000300
In a command line, run "httpd -M | grep -i ssl_module".
If the "ssl_module" is not enabled, this is a finding.
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
If "Action" or "AddHandler" exist and they configure .exe, .dll, .com, .bat, or .csh, or any other shell as a viewer for documents, this is a finding.
If this is not documented and approved by the Information System Security Officer (ISSO), this is a finding.
M
3997