STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019: STIGQter: STIG Summary: APACHE 2.2 Server for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:SV-33003r1_rule
V-13733
WA000-WWA054
WA000-WWA054 W22
CAT I
10
Add one of the following to the enabled Options directive +IncludesNoExec, -IncludesNoExec, or -Includes. Remove the "Includes" or "+Includes" setting from the options statement.
Locate the Apache httpd.conf file.
If unable to locate the file, perform a search of the system to find the location of the file.
Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Options
Review all uncommented Options statements for the following values: +IncludesNoExec, -IncludesNoExec, or -Includes
If these values are found on an enabled Options statement, this is not a finding. If these values do not exist at all, this would be a finding unless the enabled Options statement is set to “None”. If any enabled Options statement has "Includes” or "+Includes” as part of its statement, this is a finding.
V-13733
False
WA000-WWA054 W22
Locate the Apache httpd.conf file.
If unable to locate the file, perform a search of the system to find the location of the file.
Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: Options
Review all uncommented Options statements for the following values: +IncludesNoExec, -IncludesNoExec, or -Includes
If these values are found on an enabled Options statement, this is not a finding. If these values do not exist at all, this would be a finding unless the enabled Options statement is set to “None”. If any enabled Options statement has "Includes” or "+Includes” as part of its statement, this is a finding.
M
Web Administrator
158