Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Installation of a compiler on production web server must be prohibited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2236 | WG080 W22 | SV-33061r3_rule | ECSC-1 | Medium |
| Description |
|---|
| The presence of a compiler on a production server facilitates the malicious user’s task of creating custom versions of programs and installing Trojan Horses or viruses. For example, the attacker’s code can be uploaded and compiled on the server under attack. |
| STIG | Date |
|---|---|
| APACHE SERVER 2.0 for Windows | 2015-08-27 |
Details
| Check Text ( C-33733r3_chk ) |
|---|
| Using Windows Explorer, search the system for the existence of known compilers such as msc.exe, msvc.exe, Python.exe, javac.exe, Lcc-win32.exe, or equivalent. Look in all hard drives. Also, query the SA and the Web Manager to determine if a compiler is present on the server. Query the SA and the Web Manager to determine if a compiler is present on the server. If a compiler is present, this is a finding. NOTE: When Apache is part of a suite install, e.g. application server, and a compiler is needed for installation and patching of the product, document the installation of the compiler with the ISSO/ISSM and verify that the compiler is restricted to administrative users only. If documented and restricted to administrative users, this is not a finding. |
| Fix Text (F-29368r3_fix) |
|---|
| Remove any compiler found on the production web server. If the compiler is needed to patch the product in a production environment, document the compiler installation with the ISSO/ISSM and ensure that the compiler is restricted to only administrative users. |