STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The web server must be configured to listen on a specific IP address and port.

DISA Rule

SV-33228r1_rule

Vulnerability Number

V-26326

Group Title

WA00555

Rule Version

WA00555 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the httpd.conf file and set the "Listen directive" to listen on a specific IP address and port.

Check Contents

Enter the following command:

grep "Listen" /usr/local/apache2/conf/httpd.conf

Review the results for the following directive: Listen

For any enabled Listen directives ensure they specify both an IP address and port number.

If the Listen directive is found with only an IP address, or only a port number specified, this is finding.
If the IP address is all zeros (i.e. 0.0.0.0:80 or [::ffff:0.0.0.0]:80, this is a finding.
If the Listen directive does not exist, this is a finding.

Vulnerability Number

V-26326

Documentable

False

Rule Version

WA00555 A22

Severity Override Guidance

Enter the following command:

grep "Listen" /usr/local/apache2/conf/httpd.conf

Review the results for the following directive: Listen

For any enabled Listen directives ensure they specify both an IP address and port number.

If the Listen directive is found with only an IP address, or only a port number specified, this is finding.
If the IP address is all zeros (i.e. 0.0.0.0:80 or [::ffff:0.0.0.0]:80, this is a finding.
If the Listen directive does not exist, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments