STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019: STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:SV-32788r1_rule
V-2232
WG050
WG050 A22
CAT II
10
Ensure the SA or Web Manager are entrusted with the web service(s) password.
The reviewer should make a note of the name of the account being used for the web service. This
information may be needed later in the SRR. There may also be other server services running related to the web server in support of a particular web application, these passwords must be entrusted to the SA or Web Manager as well.
Query the SA or Web Manager to determine if they have the web service password(s).
If the web services password(s) are not entrusted to the SA or Web Manager, this is a finding.
NOTE: For installations that run as a service, or without a password, the SA or Web Manager having an Admin account on the system would meet the intent of this check.
V-2232
False
WG050 A22
The reviewer should make a note of the name of the account being used for the web service. This
information may be needed later in the SRR. There may also be other server services running related to the web server in support of a particular web application, these passwords must be entrusted to the SA or Web Manager as well.
Query the SA or Web Manager to determine if they have the web service password(s).
If the web services password(s) are not entrusted to the SA or Web Manager, this is a finding.
NOTE: For installations that run as a service, or without a password, the SA or Web Manager having an Admin account on the system would meet the intent of this check.
M
Web Administrator
158