UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The web server must be protected from being stopped by a non-privileged user.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206432 SRG-APP-000435-WSR-000147 SV-206432r879806_rule Medium
Description
An attacker has at least two reasons to stop a web server. The first is to cause a DoS, and the second is to put in place changes the attacker made to the web server configuration. To prohibit an attacker from stopping the web server, the process ID (pid) of the web server and the utilities used to start/stop the web server must be protected from access by non-privileged users. By knowing the pid and having access to the web server utilities, a non-privileged user has a greater capability of stopping the server, whether intentionally or unintentionally.
STIG Date
Web Server Security Requirements Guide 2023-09-13

Details

Check Text ( C-6693r377888_chk )
Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server.

Determine whether the process ID and the utilities are protected from non-privileged users.

If they are not protected, this is a finding.
Fix Text (F-6693r377889_fix)
Remove or modify non-privileged account access to the web server process ID and the utilities used for starting/stopping the web server.