STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-214353r505936_rule
V-214353
SRG-APP-000435-WSR-000147
AS24-W1-000820
CAT II
10
Restrict access to the web administration tool to only the Web Manager and the Web Manager's designees.
Right-click <'Install Path'>\bin\httpd.exe.
Click "Properties" from the "Context" menu.
Select the "Security" tab.
Review the groups and user names.
The following account may have Full control privileges:
TrustedInstaller
Web Managers
Web Manager designees
The following accounts may have read and execute, or read permissions:
Non Web Manager Administrators
ALL APPLICATION PACKAGES (built-in security group)
SYSTEM
Users
Specific users may be granted read and execute and read permissions.
Compare the local documentation authorizing specific users against the users observed when reviewing the groups and users.
If any other access is observed, this is a finding.
V-214353
False
AS24-W1-000820
Right-click <'Install Path'>\bin\httpd.exe.
Click "Properties" from the "Context" menu.
Select the "Security" tab.
Review the groups and user names.
The following account may have Full control privileges:
TrustedInstaller
Web Managers
Web Manager designees
The following accounts may have read and execute, or read permissions:
Non Web Manager Administrators
ALL APPLICATION PACKAGES (built-in security group)
SYSTEM
Users
Specific users may be granted read and execute and read permissions.
Compare the local documentation authorizing specific users against the users observed when reviewing the groups and users.
If any other access is observed, this is a finding.
M
3998