STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The Timeout directive must be properly set.

DISA Rule

SV-32977r1_rule

Vulnerability Number

V-13724

Group Title

WA000-WWA020

Rule Version

WA000-WWA020 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the httpd.conf file and set the value of "Timeout" to 300 seconds or less.

Check Contents

To view the Timeout value enter the following command:

grep "Timeout" /usr/local/apache2/conf/httpd.conf.

Verify the value is 300 or less if not, this is a finding.

Note:If the directive does not exist, this is not a finding because it will default to 300. It is recommended that the directive be explicitly set to prevent unexpected results should the defaults for any reason be changed (i.e. software update).

Vulnerability Number

V-13724

Documentable

False

Rule Version

WA000-WWA020 A22

Severity Override Guidance

To view the Timeout value enter the following command:

grep "Timeout" /usr/local/apache2/conf/httpd.conf.

Verify the value is 300 or less if not, this is a finding.

Note:If the directive does not exist, this is not a finding because it will default to 300. It is recommended that the directive be explicitly set to prevent unexpected results should the defaults for any reason be changed (i.e. software update).

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments