STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

Public web server resources must not be shared with private assets.

DISA Rule

SV-32957r1_rule

Vulnerability Number

V-2234

Group Title

WG040

Rule Version

WG040 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the public web server to not have a trusted relationship with any system resource that is also not accessible to the public. Web content is not to be shared via Microsoft shares or NFS mounts.

Check Contents

Determine whether the public web server has a two-way trusted relationship with any private asset located within the network. Private web server resources (e.g., drives, folders, printers, etc.) will not be directly mapped to or shared with public web servers.

If sharing is selected for any web folder, this is a finding.

The following checks indicate inappropriate sharing of private resources with the public web server:

If private resources (e.g., drives, partitions, folders/directories, printers, etc.) are shared with the public web server, then this is a finding.

Vulnerability Number

V-2234

Documentable

False

Rule Version

WG040 A22

Severity Override Guidance

Determine whether the public web server has a two-way trusted relationship with any private asset located within the network. Private web server resources (e.g., drives, folders, printers, etc.) will not be directly mapped to or shared with public web servers.

If sharing is selected for any web folder, this is a finding.

The following checks indicate inappropriate sharing of private resources with the public web server:

If private resources (e.g., drives, partitions, folders/directories, printers, etc.) are shared with the public web server, then this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments