OH12-1X-000035 - Non-privileged accounts on the hosting system must only access OHS security-relevant information and functions through a distinct administrative account.

Information

By separating web server security functions from non-privileged users, roles can be developed that can then be used to administer the web server. Forcing users to change from a non-privileged account to a privileged account when operating on the web server or on security-relevant information forces users to only operate as a web server administrator when necessary. Operating in this manner allows for better logging of changes and better forensic information and limits accidental changes to the web server.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1. Configure sudo such that only the account that owns the OHS software can access it from the hosting system.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_HTTP_Server_12-1-3_V2R2_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CAT|II, CCI|CCI-002235, Rule-ID|SV-221302r879717_rule, STIG-ID|OH12-1X-000035, STIG-Legacy|SV-78993, STIG-Legacy|V-64503, Vuln-ID|V-221302

Plugin: Unix

Control ID: 09ce0cfb337f8823808f1e0006f1e7940759d0d45e9611e2fd77f09a920f25ea