Check: WG440 IIS6
IIS6 Server: WG440 IIS6 (in version v6 r16)
Title
Monitoring software must include CGI type files or equivalent programs. (Cat II impact)
Discussion
By their very nature, CGI type files permit the anonymous web user to interact with data and perhaps store data on the web server. In many cases, CGI scripts exercise system-level control over the server’s resources. These files make appealing targets for the malicious user. If these files can be modified or exploited, the web server can be compromised. CGI or equivalent files must be monitored by a security tool alerting the Web Admin of any unauthorized changes.
Check Content
Request to see the template file or configuration file of the software being used to accomplish this security task. The monitoring program should provide constant monitoring for these files, and instantly alert the Web Admin of any unauthorized changes. Examples of CGI file extensions include, but are not limited to cgi, asp, aspx, class, vb, php, pl, and c. If the monitoring product configuration does not monitor changes to CGI program files, this is a finding.
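One way to cross-check the monitoring configuration against what is actually on disk, as an added PowerShell example that is not part of the STIG or of any monitoring product: it lists directories under the web root that hold CGI type files but fall outside the monitored directories. The function name, parameters and paths are hypothetical, the monitored directories are assumed to be copied by hand from the tool's configuration, and each is assumed to be monitored recursively.

```powershell
# Added example: coverage audit for WG440 (function name and paths are hypothetical).
# Extensions are the ones listed in the Check Content; extend the list for the site as needed.
$CgiExtensions = '.cgi', '.asp', '.aspx', '.class', '.vb', '.php', '.pl', '.c'

function Get-UnmonitoredCgiDirectory {
    param(
        [string]$WebRoot,            # web content root to inspect
        [string[]]$MonitoredPaths    # directories taken from the monitoring tool's configuration
    )
    # A trailing backslash keeps D:\web from matching D:\website during the prefix test.
    $monitored = @($MonitoredPaths | ForEach-Object { $_.TrimEnd('\') + '\' })

    Get-ChildItem -Path $WebRoot -Recurse |
        Where-Object { -not $_.PSIsContainer -and $CgiExtensions -contains $_.Extension.ToLower() } |
        Group-Object -Property DirectoryName |
        ForEach-Object {
            $dir = $_.Name.TrimEnd('\') + '\'
            $covered = $false
            foreach ($m in $monitored) {
                # Assumption: a monitored directory is watched recursively.
                if ($dir.StartsWith($m, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $covered = $true
                    break
                }
            }
            if (-not $covered) {
                # One row per directory holding CGI type files the tool does not cover.
                New-Object PSObject -Property @{
                    Directory = $_.Name
                    CgiFiles  = $_.Count
                    Sample    = $_.Group[0].Name
                }
            }
        }
}

# Constructed invocation: replace both paths with the site's real values.
$root = 'D:\Inetpub\wwwroot'
if (Test-Path $root) {
    Get-UnmonitoredCgiDirectory -WebRoot $root -MonitoredPaths 'D:\Inetpub\wwwroot\scripts'
}
```

Any row returned is a directory to raise with the Web Admin when reviewing this check; the script uses only cmdlets available in PowerShell 2.0.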
Fix Text
Configure the monitoring tool to include the CGI type files or equivalent programs directory.
Additional Identifiers
Rule ID: SV-38331r1_rule
Vulnerability ID: V-2271
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |