STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021: STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:SV-214287r612241_rule
V-214287
SRG-APP-000176-WSR-000096
AS24-U2-000390
CAT II
10
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Based on the " SSLCertificateKeyFile" directive path, configure the Apache web server to ensure only authenticated and authorized users can access the web server's private key.
In a command line, run "httpd -M | grep -i ssl_module".
If the "ssl_module" is not enabled, this is a finding.
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Review the private key path in the "SSLCertificateKeyFile" directive. Verify only authenticated system administrators and the designated PKI Sponsor for the web server can access the web server private key.
If the private key is accessible by unauthenticated or unauthorized users, this is a finding.
V-214287
False
AS24-U2-000390
In a command line, run "httpd -M | grep -i ssl_module".
If the "ssl_module" is not enabled, this is a finding.
Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:
# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Review the private key path in the "SSLCertificateKeyFile" directive. Verify only authenticated system administrators and the designated PKI Sponsor for the web server can access the web server private key.
If the private key is accessible by unauthenticated or unauthorized users, this is a finding.
M
3997