UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Web client access to the content directories must be restricted to read and execute.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2258 WG290 A22 SV-33027r1_rule ECLP-1 High
Description
Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise of a web server. If this user is able to upload and execute files on the web server, the organization or owner of the server will no longer have control of the asset.
STIG Date
APACHE SITE 2.2 for Unix 2011-12-12

Details

Check Text ( C-33710r1_chk )
To view the value of Alias enter the following command:

grep "Alias" /usr/local/apache2/conf/httpd.conf

Alias
ScriptAlias
ScriptAliasMatch

Review the results to determine the location of the files listed above.

Enter the following command to determine the permissions of the above file:

ls -Ll /file-path

The only accounts listed should be the web administrator, developers, and the account assigned to run the apache server service.
If accounts that don’t need access to these directories are listed, this is a finding.
If the permissions assigned to the account for the Apache web server service is greater than Read & Execute (R_E), this is a finding.
Fix Text (F-29342r1_fix)
Assign the appropriate permissions to the applicable directories and files using the chmod command.