UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All interactive programs must be placed in a designated directory with appropriate permissions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-13731 WA000-WWA050 A22 SV-32763r1_rule Medium
Description
Directory options directives are directives that can be applied to further restrict access to file and directories. The Options directive controls which server features are available in a particular directory. The ExecCGI option controls the execution of CGI scripts using mod_cgi. This needs to be restricted to only the directory intended for script execution.
STIG Date
APACHE 2.2 Server for UNIX Security Technical Implementation Guide 2018-07-06

Details

Check Text ( C-33613r1_chk )
Search for the unnecessary CGI programs which may be found in the directories configured with ScriptAlias, Script or other Script* directives. Often, CGI directories are named cgi-bin. Also, CGI AddHandler or SetHandler directives may also be in use for specific handlers such as perl, python and PHP.

To search the http.conf file for Options enter the following command:

grep "Options" /usr/local/apache2/conf/httpd.conf.

If the value for Options is returned with a ExecCGI (no +) this is a finding.
Fix Text (F-29240r1_fix)
Locate any cgi-bin files and directories enabled in the Apache configuration via Script, ScriptAlias or other Script* directives.

Remove the printenv default CGI in cgi-bin directory if it is installed.

rm $APACHE_PREFIX/cgi-bin/printenv.

Remove the test-cgi file from the cgi-bin directory if it is installed.

rm $APACHE_PREFIX/cgi-bin/test-cgi.

Review and remove any other cgi-bin files which are not needed for business purposes.