STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The ability to override the access configuration for the OS root directory must be disabled.

DISA Rule

SV-33232r1_rule

Vulnerability Number

V-26393

Group Title

WA00547

Rule Version

WA00547 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the httpd.conf file and add or set the value of AllowOverride to "None".

Check Contents

Enter the following command:

more /usr/local/Apache2.2/conf/httpd.conf.

Review the httpd.conf file and search for the following directive:

Directory

For every root directory entry (i.e. <Directory />) ensure the following entry exists:

AllowOverride None

If the statement above is not found in the root directory statement, this is a finding.

If Allow directives are included in the root directory statement, this is a finding.

If the root directory statement is not listed at all, this is a finding.

Vulnerability Number

V-26393

Documentable

False

Rule Version

WA00547 A22

Severity Override Guidance

Enter the following command:

more /usr/local/Apache2.2/conf/httpd.conf.

Review the httpd.conf file and search for the following directive:

Directory

For every root directory entry (i.e. <Directory />) ensure the following entry exists:

AllowOverride None

If the statement above is not found in the root directory statement, this is a finding.

If Allow directives are included in the root directory statement, this is a finding.

If the root directory statement is not listed at all, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments