STIGQter: STIG Summary: Web Server Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 26 Apr 2019:

The web server must be protected from being stopped by a non-privileged user.

DISA Rule

SV-70253r2_rule

Vulnerability Number

V-55999

Group Title

SRG-APP-000435-WSR-000147

Rule Version

SRG-APP-000435-WSR-000147

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Remove or modify non-privileged account access to the web server process ID and the utilities used for starting/stopping the web server.

Check Contents

Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server.

Determine whether the process ID and the utilities are protected from non-privileged users.

If they are not protected, this is a finding.

Vulnerability Number

V-55999

Documentable

False

Rule Version

SRG-APP-000435-WSR-000147

Severity Override Guidance

Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server.

Determine whether the process ID and the utilities are protected from non-privileged users.

If they are not protected, this is a finding.

Check Content Reference

M

Target Key

2557

Comments