Check: WA00535 A24
Apache Server 2.4 Unix:
WA00535 A24
(in version v1 r1)
Title
The score board file must be properly secured. (Cat II impact)
Discussion
The ScoreBoardfile directive sets a file path which the server will use for Inter-Process Communication (IPC) among the Apache processes. If the directive is specified, then Apache will use the configured file for the inter-process communication. Therefore if it is specified it needs to be located in a secure directory. If the ScoreBoardfile is placed in a writable directory, other accounts could create a denial of service attack and prevent the server from starting by creating a file with the same name, and or users could monitor and disrupt the communication between the processes by reading and writing to the file.
Check Content
To determine the location and permissions of the score board file enter the following command: find / -name ScoreBoard -print -exec ls -lL {} \; If the permissions on the file are not set to 644 or less, this is a finding.
Fix Text
The scoreboard file is created when the server starts, and is deleted when it shuts down, set the permissions during the creation of the file.
Additional Identifiers
Rule ID:
Vulnerability ID: V-26322
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |