3.9 Ensure the Pid File Is Secured - 'PidFile permissions'


The PidFile directive sets the path of the file in which the server records its process ID. The file is useful for sending a signal to the server process or for checking on the health of the process.


If the PidFile is placed in a directory that other accounts can write to, those accounts could cause a denial of service and prevent the server from starting by creating a PID file with the same name.


Find the directory in which the PidFile would be created. The default value is the ServerRoot/logs directory.

Modify the directory if the PidFile is in a directory within the Apache 'DocumentRoot'.

Change the ownership and group to be root:root, if not already.

Change the permissions so that the directory is only writable by root, or the user under which Apache initially starts up (default is root).
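The steps above can be checked with a short script. This is an added example, not part of the benchmark or of Apache: the function names are hypothetical, and the PidFile directory, DocumentRoot and expected owner are passed as arguments (owner and group default to root).

```shell
#!/bin/sh
# Added example: audit the directory that would hold Apache's PidFile.
# Usage (paths are assumptions, take the real ones from your httpd config):
#   sh audit_pid_dir.sh /usr/local/apache2/logs /usr/local/apache2/htdocs

# Resolve a directory to its physical path so symlinks cannot hide its location.
real_dir() { (CDPATH= cd "$1" 2>/dev/null && pwd -P); }

# True if directory $1 is DocumentRoot $2 or lies beneath it.
within_docroot() {
    d=$(real_dir "$1") || return 1
    r=$(real_dir "$2") || return 1
    case "$d/" in "${r%/}"/*) return 0 ;; esac
    return 1
}

# True if group or other has write permission on directory $1.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# True if directory $1 is owned by user $2 and group $3 (names or numeric ids).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -group "$3" 2>/dev/null)" ]
}

# Report each failed check; the return status is the number of failures.
audit_pid_dir() {
    dir=$1 docroot=$2 owner=${3:-root} group=${4:-root} fails=0
    if within_docroot "$dir" "$docroot"; then
        echo "FAIL: $dir is inside DocumentRoot $docroot"; fails=$((fails + 1))
    fi
    if ! owned_by "$dir" "$owner" "$group"; then
        echo "FAIL: $dir is not owned by $owner:$group"; fails=$((fails + 1))
    fi
    if writable_by_others "$dir"; then
        echo "FAIL: $dir is writable by group or other"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "PASS: $dir"
    return "$fails"
}

# Run the audit only when both paths are supplied on the command line.
if [ "$#" -ge 2 ]; then audit_pid_dir "$@"; fi
```

If Apache is started by an account other than root, pass that account and its group as the third and fourth arguments.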

Default Value:

The default process ID file is logs/httpd.pid.


Item Details


References: 800-53|AC-3, CSCv6|18, CSCv7|14.6

Plugin: Unix

Control ID: 5a5bf7fc8f22a33996c508744a9bd7b97008396bd5cd69db9d116786773edcee