STIGQter STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The web server’s htpasswd files (if present) must reflect proper ownership and permissions

DISA Rule

SV-36478r2_rule

Vulnerability Number

V-2255

Group Title

WG270

Rule Version

WG270 A22

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The SA or Web Manager account should own the htpasswd file and permissions should be set to 550.

Check Contents

To locate the htpasswd file enter the following command:

Find / -name htpasswd
Permissions should be r-x r - x - - - (550)

If permissions on htpasswd are greater than 550, this is a finding.

Owner should be the SA or Web Manager account, if another account has access to this file, this is a finding.

Vulnerability Number

V-2255

Documentable

False

Rule Version

WG270 A22

Severity Override Guidance

To locate the htpasswd file enter the following command:

Find / -name htpasswd
Permissions should be r-x r - x - - - (550)

If permissions on htpasswd are greater than 550, this is a finding.

Owner should be the SA or Web Manager account, if another account has access to this file, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

158

Comments