STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-214286r612241_rule
V-214286
SRG-APP-000175-WSR-000095
AS24-U2-000380
CAT II
10
Determine the location of the "HTTPD_ROOT" directory and the "ssl.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
Edit <'HTTPD_ROOT'>/conf.d/ssl.conf
Set "SSLVerifyClient" to "require".
Set "SSLVerifyDepth" to "1".
SSLVerifyDepth 1
For more information: https://httpd.apache.org/docs/current/mod/ssl_module.html
In a command line, run "httpd -M | grep -i ssl_module".
If the "ssl_module" is not enabled, this is a finding.
Determine the location of the "HTTPD_ROOT" directory and the "ssl.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
Review <'HTTPD_ROOT'>/conf.d/ssl.conf
Verify "SSLVerifyClient" is set to "require":
SSLVerifyClient require
Verify "SSLVerifyDepth" is set to a number greater than "0":
SSLVerifyDepth 1
If "SSLVerifyClient" is not set to "require" or "SSLVerifyDepth" is not set to a number greater than "0", this is a finding.
V-214286
False
AS24-U2-000380
In a command line, run "httpd -M | grep -i ssl_module".
If the "ssl_module" is not enabled, this is a finding.
Determine the location of the "HTTPD_ROOT" directory and the "ssl.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
Review <'HTTPD_ROOT'>/conf.d/ssl.conf
Verify "SSLVerifyClient" is set to "require":
SSLVerifyClient require
Verify "SSLVerifyDepth" is set to a number greater than "0":
SSLVerifyDepth 1
If "SSLVerifyClient" is not set to "require" or "SSLVerifyDepth" is not set to a number greater than "0", this is a finding.
M
3997