STIGQter: STIG Summary: APACHE 2.2 Server for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The httpd.conf StartServers directive must be set properly.

DISA Rule

SV-36645r2_rule

Vulnerability Number

V-13727

Group Title

WA000-WWA026

Rule Version

WA000-WWA026 A22

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Open the httpd.conf file with an editor and search for the following directive:

StartServer

Set the directive to a value between 5 and 10, add the directive if it does not exist.

It is recommended that the directive be explicitly set to prevent unexpected results if the defaults change with updated software.

Check Contents

Locate the Apache httpd.conf file. If you cannot locate the file, you can do a search of the drive to find the location of the file.

Open the httpd.conf file with an editor and search for the following directive:

StartServers

The value needs to be between 5 and 10

If the directive is set improperly, this is a finding.

If the directive does not exist, this is NOT a finding because it will default to 5. It is recommended that the directive be explicitly set to prevent unexpected results if the defaults change with updated software.

NOTE: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of increased or decreased value. If the site has this documentation, this should be marked as Not a Finding.

The httpd.conf StartServers directive must be set properly.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments