STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The KeepAliveTimeout directive must be defined.

DISA Rule

SV-32877r1_rule

Vulnerability Number

V-13726

Group Title

WA000-WWA024

Rule Version

WA000-WWA024 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the httpd.conf file and set the value of "KeepAliveTimeout" to the value of 15 or less.

Check Contents

To view the KeepAliveTimeout value enter the following command:

grep "KeepAliveTimeout" /usr/local/apache2/conf/httpd.conf.

If the value of "KeepAliveTimeout" is not set to 15 or less, this is a finding.

Note: If the directive does not exist, this is not a finding because it will default to 5. It is recommended that the directive be explicitly set to prevent unexpected results should the defaults for any reason change(i.e. software update).

Vulnerability Number

V-13726

Documentable

False

Rule Version

WA000-WWA024 A22

Severity Override Guidance

To view the KeepAliveTimeout value enter the following command:

grep "KeepAliveTimeout" /usr/local/apache2/conf/httpd.conf.

If the value of "KeepAliveTimeout" is not set to 15 or less, this is a finding.

Note: If the directive does not exist, this is not a finding because it will default to 5. It is recommended that the directive be explicitly set to prevent unexpected results should the defaults for any reason change(i.e. software update).

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments