STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Administrative users and groups that have access rights to the web server must be documented.

DISA Rule

SV-32951r1_rule

Vulnerability Number

V-2257

Group Title

WA120

Rule Version

WA120 A22

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Document the administrative users and groups which have access rights to the web server in the web site SOP or in an equivalent document.

Check Contents

Proposed Questions:
How many user accounts are associated with the Web server operation and maintenance?

Where are these accounts documented?

Use the command line utility more /etc/passwd to identify the accounts on the web server.

Query the SA or Web Manager regarding the use of each account and each group.

If the documentation does not match the users and groups found on the server, this is a finding.

Vulnerability Number

V-2257

Documentable

False

Rule Version

WA120 A22

Severity Override Guidance

Proposed Questions:
How many user accounts are associated with the Web server operation and maintenance?

Where are these accounts documented?

Use the command line utility more /etc/passwd to identify the accounts on the web server.

Query the SA or Web Manager regarding the use of each account and each group.

If the documentation does not match the users and groups found on the server, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments