Backup interactive scripts are present on the system.


Overview

Finding ID: V-2230
Version: WG420
Rule ID: SV-16203r1_rule
IA Controls:
Severity: Medium
Description
Copies of backup files will not execute on the server, but they can be read by the anonymous user if special precautions are not taken. Such backup copies contain the same sensitive information as the actual script being executed and are therefore useful to malicious users. Techniques and tools exist today that search web servers for such files and exploit the information contained in them. Backup copies of files are created automatically by some text editors, such as emacs and EditPlus: the emacs editor writes a backup file with a ~ appended to the name of the original file; EditPlus creates a .bak file. Of course, this would imply the presence and use of development tools on the web server, which is itself a finding under WG130. Having backup scripts on the web server provides one more opportunity for malicious persons to view these scripts and use the information found in them.
STIG: IIS 7.0 Site STIG
Date: 2019-03-22

Details

Check Text ( C-2788r1_chk )
Find on all hard drives files containing the following extensions: *.bak, *.old, *.temp, *.tmp, *.backup, or ‘copy of..’.

Once the files are found, the reviewer must determine whether the files are in the document root or in the home directory of the web server.

If files with these extensions are in either of these two directories, this is a finding. If not, the reviewer must determine what relationship the file or files have with the web server.

If the files are stored in a repository (not in the document root) as backups for the web server, this is also a finding.

If the files have no relationship with web activity, such as a backup batch file for operating system utility, this is not a finding.
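The search and classification steps above, as an added PowerShell example that is not part of the STIG text: it sweeps every fixed drive for the backup-style names listed in the check, then marks each hit according to whether it sits under an IIS site's physical root (document/home directory), leaving the remaining hits for the reviewer's judgement. It assumes the WebAdministration module (IIS PowerShell provider) is available on the host.

```powershell
# Added example, not the STIG's own text. Assumes the WebAdministration
# module is installed so Get-Website can return each site's physical path.
Import-Module WebAdministration -ErrorAction Stop

# Extensions named in the check text, plus the emacs "name~" artifact
# the description mentions ("copy of" matches the 'copy of..' pattern).
$patterns = @('*.bak', '*.old', '*.temp', '*.tmp', '*.backup', '*~', 'copy of*')

# Physical root of every IIS site, with %SystemDrive%-style variables
# expanded and normalised to a trailing backslash for prefix comparison.
$siteRoots = Get-Website | ForEach-Object {
    $root = [Environment]::ExpandEnvironmentVariables($_.PhysicalPath)
    New-Object PSObject -Property @{
        Site = $_.Name
        Root = $root.TrimEnd('\') + '\'
    }
}

# Fixed (local hard) drives only, per "find on all hard drives".
$drives = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

$hits = foreach ($drive in $drives) {
    Get-ChildItem -Path $drive -Recurse -Include $patterns -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $file = $_
            # First site whose root is a case-insensitive prefix of the path.
            $owner = $siteRoots | Where-Object {
                $file.FullName.StartsWith($_.Root, [StringComparison]::OrdinalIgnoreCase)
            } | Select-Object -First 1
            $siteName = ''
            if ($owner) { $siteName = $owner.Site }
            New-Object PSObject -Property @{
                InWebRoot = [bool]$owner
                Site      = $siteName
                Modified  = $file.LastWriteTime
                File      = $file.FullName
            }
        }
}

# Hits with InWebRoot = True are findings outright; the rest require the
# reviewer to decide whether the file relates to the web server at all.
$hits | Sort-Object InWebRoot -Descending |
    Format-Table -AutoSize InWebRoot, Site, Modified, File
```

Run it from an elevated Windows PowerShell session on the IIS host so that site roots under protected paths are readable; a full-drive recursion can take a while on large volumes.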
Fix Text (F-2279r1_fix)
Ensure that CGI backup scripts are not left on the web server.