STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020: STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:SV-79083r1_rule
V-64593
SRG-APP-000516-WSR-000079
OH12-1X-000176
CAT II
10
1. Open $DOMAIN_HOME/config/nodemanager/nm_password.properties with an editor.
2. Remove the "hashed" property and value.
3. Set the "username" property to the account name to use for Node Manager, add the property if it does not exist.
4. Set the "password" property to a password compliant with DoD requirements for password complexity to use for Node Manager, add the property if it does not exist.
5. Start/Restart Node Manager so that the password contained within $DOMAIN_HOME/config/nodemanager/nm_password.properties is encrypted.
6. Remove the "username" and "password" properties and along with their values from within $DOMAIN_HOME/config/nodemanager/nm_password.properties, but leave the new "hashed" property and value.
1. If the password for Node Manager does not meet DoD requirements for password complexity, this is a finding.
2. Open $DOMAIN_HOME/config/nodemanager/nm_password.properties with an editor.
3. If the "username" property and value are still present, this is a finding.
4. If the "password" property and value are still present, this is a finding.
V-64593
False
OH12-1X-000176
1. If the password for Node Manager does not meet DoD requirements for password complexity, this is a finding.
2. Open $DOMAIN_HOME/config/nodemanager/nm_password.properties with an editor.
3. If the "username" property and value are still present, this is a finding.
4. If the "password" property and value are still present, this is a finding.
M
2753