DISA STIG Apache Server 2.2 Unix v1r11

Audit Details

Name: DISA STIG Apache Server 2.2 Unix v1r11

Updated: 11/1/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.11

Estimated Item Count: 98

File Details

Filename: DISA_STIG_Apache_Server-2.2_Unix_v1r11.audit

Size: 169 kB

MD5: f6a68a0d13fed5926cf0fef35a3de9a6
SHA256: 406d2c1f52561acdf331e0d4b89cb6ae1351cfeb0eeb1247da93adeb886fd8b8

Audit Items

DescriptionCategories
DISA_STIG_Apache_Server-2.2_Unix_v1r11.audit from DISA Apache 2.2 Unix STIG v1r11
WA000-WWA020 A22 - The Timeout directive must be properly set.

ACCESS CONTROL

WA000-WWA022 A22 - The KeepAlive directive must be enabled.

ACCESS CONTROL

WA000-WWA024 A22 - The KeepAliveTimeout directive must be defined.

ACCESS CONTROL

WA000-WWA026 A22 - The httpd.conf StartServers directive must be set properly.

CONFIGURATION MANAGEMENT

WA000-WWA028 A22 - The httpd.conf MinSpareServers directive must be set properly.

SYSTEM AND COMMUNICATIONS PROTECTION

WA000-WWA030 A22 - The httpd.conf MaxSpareServers directive must be set properly.

SYSTEM AND COMMUNICATIONS PROTECTION

WA000-WWA032 A22 - The httpd.conf MaxClients directive must be set properly.

SYSTEM AND COMMUNICATIONS PROTECTION

WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - conf

CONFIGURATION MANAGEMENT

WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - printenv

CONFIGURATION MANAGEMENT

WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - test-cgi

CONFIGURATION MANAGEMENT

WA000-WWA052 A22 - The '-FollowSymLinks' setting must be disabled.

CONFIGURATION MANAGEMENT

WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - -+IncludesNOEXEC|-Includes

ACCESS CONTROL

WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - +Includes

ACCESS CONTROL

WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - None
WA000-WWA054 A22 - Server side includes (SSIs) must run with execution capability disabled - Options None
WA000-WWA056 A22 - The MultiViews directive must be disabled.

CONFIGURATION MANAGEMENT

WA000-WWA058 A22 - Directory indexing must be disabled on directories not containing index files.

CONFIGURATION MANAGEMENT

WA000-WWA060 A22 - The HTTP request message body size must be limited.

CONFIGURATION MANAGEMENT

WA000-WWA062 A22 - The HTTP request header fields must be limited.

CONFIGURATION MANAGEMENT

WA000-WWA064 A22 - The HTTP request header field size must be limited.

CONFIGURATION MANAGEMENT

WA000-WWA066 A22 - The HTTP request line must be limited.

CONFIGURATION MANAGEMENT

WA060 A22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.
WA070 A22 - A private web server must be located on a separate controlled access subnet.
WA120 A22 - Administrative users and groups that have access rights to the web server must be documented.
WA140 A22 - Web server content and configuration files must be part of a routine backup program.
WA230 A22 - The Web site software used with the web server must have all applicable security patches applied and documented.

SYSTEM AND INFORMATION INTEGRITY

WA00500 A22 - Active software modules must be minimized.

CONFIGURATION MANAGEMENT

WA00505 A22 - Web Distributed Authoring and Versioning (WebDAV) must be disabled.

CONFIGURATION MANAGEMENT

WA00510 A22 - Web server status module must be disabled.

CONFIGURATION MANAGEMENT

WA00515 A22 - Automatic directory indexing must be disabled.

CONFIGURATION MANAGEMENT

WA00520 A22 - The web server must not be configured as a proxy server.

CONFIGURATION MANAGEMENT

WA00525 A22 - User specific directories must not be globally enabled.

CONFIGURATION MANAGEMENT

WA00530 A22 - The process ID (PID) file must be properly secured - config

CONFIGURATION MANAGEMENT

WA00530 A22 - The process ID (PID) file must be properly secured - permissions
WA00535 A22 - The score board file must be properly secured.
WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Deny

ACCESS CONTROL

WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Order

ACCESS CONTROL

WA00545 A22 - Web server options for the OS root must be disabled.

CONFIGURATION MANAGEMENT

WA00547 A22 - The ability to override the access configuration for the OS root directory must be disabled.

ACCESS CONTROL

WA00550 A22 - The TRACE method must be disabled.

CONFIGURATION MANAGEMENT

WA00555 A22 - The web server must be configured to listen on a specific IP address and port - [::ffff:0.0.0.0]:80

CONFIGURATION MANAGEMENT

WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 0.0.0.0:80

CONFIGURATION MANAGEMENT

WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 80

CONFIGURATION MANAGEMENT

WA00555 A22 - The web server must be configured to listen on a specific IP address and port - listen

CONFIGURATION MANAGEMENT

WA00560 A22 - The URL-path name must be set to the file path name or the directory path name.

CONFIGURATION MANAGEMENT

WA00565 A22 - HTTP request methods must be limited - Deny

CONFIGURATION MANAGEMENT

WA00565 A22 - HTTP request methods must be limited - LimitExcept
WA00565 A22 - HTTP request methods must be limited - Order
WG040 A22 - Public web server resources must not be shared with private assets - .netrc

CONFIGURATION MANAGEMENT