STIGQter: STIG Summary: APACHE 2.2 Site for UNIX Security Technical Implementation Guide, Version: 1, Release: 11, Benchmark Date: 25 Jan 2019

Web client access to the content directories must be restricted to read and execute.

DISA Rule

SV-33027r2_rule

Vulnerability Number

V-2258

Group Title

WG290

Rule Version

WG290 A22

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Assign the appropriate permissions to the applicable directories and files using the chmod command.

Check Contents

To view the value of Alias, enter the following command:

grep "Alias" /usr/local/apache2/conf/httpd.conf

Alias
ScriptAlias
ScriptAliasMatch

Review the results to determine the location of the files listed above.

Enter the following command to determine the permissions of the above file:

ls -Ll /file-path

The only accounts listed should be the web administrator, developers, and the account assigned to run the Apache server service.

If accounts that don’t need access to these directories are listed, this is a finding.

If the permissions assigned to the account for the Apache web server service, or any group to which the Apache web server service belongs, are greater than Read & Execute (R_E), this is a finding.
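
The check above can be scripted. The following is an added example, not part of the STIG text: it reads the Alias, ScriptAlias and ScriptAliasMatch targets from a config file and reports any target whose ls mode bits grant write to the service account, to one of its groups, or to everyone. The function names are hypothetical, the service account and its groups are passed in as parameters, and the fixture in demo is constructed.

```shell
#!/bin/sh
# Added example (function names are hypothetical): script the WG290 check.

# Print the filesystem target (third field) of each directive in config file $1.
# Limitation: targets containing spaces are not handled.
alias_targets() {
    awk '$1 !~ /^#/ && NF >= 3 &&
         tolower($1) ~ /^(alias|scriptalias|scriptaliasmatch)$/ {
             t = $3; gsub(/"/, "", t); print t
         }' "$1"
}

# Succeed (a finding) if the mode bits shown by ls grant write on $1 to
# account $2, to any of its groups "$3" (space separated), or to everyone.
writable_by() {
    ls -Lld "$1" | awk -v u="$2" -v g=" $3 " '{
        w = (substr($1, 9, 1) == "w")                                # other
        if ($3 == u && substr($1, 3, 1) == "w") w = 1                # owner
        if (index(g, " " $4 " ") && substr($1, 6, 1) == "w") w = 1   # group
        exit(w ? 0 : 1)
    }'
}

# Print every aliased path in config $1 that is a finding for account $2.
audit_conf() {
    alias_targets "$1" | while IFS= read -r t; do
        [ -e "$t" ] || continue      # e.g. a ScriptAliasMatch regex target
        if writable_by "$t" "$2" "$3"; then echo "$t"; fi
    done
}

# Constructed fixture: a throwaway config and two directories; whoever owns
# them stands in for the Apache service account.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/icons" "$d/cgi-bin"
    chmod 555 "$d/icons"; chmod 755 "$d/cgi-bin"
    printf '%s\n' "# Alias /old/ \"$d/old/\"" "Alias /icons/ \"$d/icons\"" \
        "  ScriptAlias /cgi-bin/ \"$d/cgi-bin\"" > "$d/httpd.conf"
    set -- $(ls -Lld "$d" | awk '{print $3, $4}')    # fixture owner and group
    audit_conf "$d/httpd.conf" "$1" "$2"
    rm -rf "$d"
}

demo   # prints only the cgi-bin path, whose owner class has write
```

On a real system, pass the account the server runs as and the output of id -Gn for that account; an empty result means no aliased path exceeded read and execute for it.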

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments