Check: WG300 A24
Apache Server 2.4 Unix:
WG300 A24
(in version v1 r1)
Title
Web server system files must conform to minimum file permission requirements. (Cat II impact)
Discussion
This check verifies that the key web server system configuration files are owned by the SA or the web administrator controlled account. These same files that control the configuration of the web server, and thus its behavior, must also be accessible by the account that runs the web service. If these files are altered by a malicious user, the web server would no longer be under the control of its managers and owners; properties in the web server configuration could be altered to compromise the entire server platform.
Check Content
Apache directory and file permissions and ownership should be set per the following table. The installation directories may vary from one installation to the next. If used, the WebAdmins group should contain only accounts of persons authorized to manage the web server configuration, otherwise the root group should own all Apache files and directories. If the files and directories are not set to the following permissions or more restrictive, this is a finding. To locate the ServerRoot directory enter the following command. find / -name httpd.conf -print -exec grep -H -i "^ServerRoot" {} \; /Server root dir apache root WebAdmin 771/660 /apache/cgi-bin root WebAdmin 775/775 /apache/bin root WebAdmin 550/550 /apache/config root WebAdmin 770/660 /apache/htdocs root WebAdmin 775/664 /apache/logs root WebAdmin 750/640 NOTE: The permissions are noted as directories / files
Fix Text
Use the chmod/chown/chgrp commands (as appropriate) to set permissions on the web server system directories and files as follows. root dir apache root WebAdmin 771/660 /apache/cgi-bin root WebAdmin 775/775 /apache/bin root WebAdmin 550/550 /apache/config root WebAdmin 770/660 /apache/htdocs root WebAdmin 775/664 /apache/logs root WebAdmin 750/640
Additional Identifiers
Rule ID:
Vulnerability ID: V-2259
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |