WG204 A22 - A web server must be segregated from other services.

Information

The web server installation and configuration plan should not support the co-hosting of multiple services such as Domain Name Service (DNS), e-mail, databases, search engines, indexing, or streaming media on the same server that is providing the web publishing service. By separating these services additional defensive layers are established between the web service and the applicable application should either be compromised.

Disallowed or restricted services in the context of this vulnerability applies to services that are not directly associated with the delivery of web content. An operating system that supports a web server will not provide other services (e.g., domain controller, e-mail server, database server, etc.). Only those services necessary to support the web server and its hosted sites are specifically allowed and may include, but are not limited to, operating system, logging, anti-virus, host intrusion detection, administrative maintenance, or network requirements.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Move or install additional services and applications to partitions that are not the operating system root or the web document root.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-32950r1_rule, STIG-ID|WG204_A22, Vuln-ID|V-6577

Plugin: Unix

Control ID: 85f64979cf270fdf561fa5a62b42a2c60af41e3a5b544695929decafbab55430