STIGQter STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.

DISA Rule

SV-214322r505936_rule

Vulnerability Number

V-214322

Group Title

SRG-APP-000141-WSR-000078

Rule Version

AS24-W1-000280

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Ensure non-administrators are not allowed access to the directory tree, the shell, or other operating system functions and utilities.

Check Contents

Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the System Administrator (SA) or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are present, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

Vulnerability Number

V-214322

Documentable

False

Rule Version

AS24-W1-000280

Severity Override Guidance

Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the System Administrator (SA) or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are present, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

Check Content Reference

M

Target Key

3998

Comments