Item Search

Name	Audit Name	Plugin	Category
WA000-WWA020 W22 - The Timeout directive must be properly set.	DISA STIG Apache Server 2.2 Windows v1r13	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
WA000-WWA024 A22 - The KeepAliveTimeout directive must be defined.	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WA000-WWA024 W22 - The KeepAliveTimeout directive must be defined.	DISA STIG Apache Server 2.2 Windows v1r13	Windows	SYSTEM AND COMMUNICATIONS PROTECTION
WA000-WWA030 A22 - The httpd.conf MaxSpareServers directive must be set properly.	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WA000-WWA050 A22 - All interactive programs must be placed in a designated directory with appropriate permissions - test-cgi	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WA000-WWA050 W22 - All interactive programs must be placed in a designated directory with appropriate permissions. - 'AddHandler'	DISA STIG Apache Server 2.2 Windows v1r13	Windows	CONFIGURATION MANAGEMENT
WA000-WWA056 A22 - The MultiViews directive must be disabled.	DISA STIG Apache Server 2.2 Unix v1r11	Unix	CONFIGURATION MANAGEMENT
WA000-WWA058 A22 - Directory indexing must be disabled on directories not containing index files.	DISA STIG Apache Server 2.2 Unix v1r11	Unix	CONFIGURATION MANAGEMENT
WA000-WWA058 W22 - Directory indexing must be disabled on directories not containing index files.	DISA STIG Apache Server 2.2 Windows v1r13	Windows	CONFIGURATION MANAGEMENT
WA000-WWA060 W22 - The HTTP request message body size must be limited.	DISA STIG Apache Server 2.2 Windows v1r13	Windows	CONFIGURATION MANAGEMENT
WA120 W22 - Administrative users and groups that have access rights to the web server must be documented.	DISA STIG Apache Server 2.2 Windows v1r13	Windows
WA00505 A22 - Web Distributed Authoring and Versioning (WebDAV) must be disabled.	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix	CONFIGURATION MANAGEMENT
WA00525 W22 - User specific directories must not be globally enabled.	DISA STIG Apache Server 2.2 Windows v1r13	Windows	CONFIGURATION MANAGEMENT
WA00535 A22 - The score board file must be properly secured.	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WA00540 A22 - The web server must be configured to explicitly deny access to the OS root - Order	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WA00550 W22 - The TRACE method must be disabled.	DISA STIG Apache Server 2.2 Windows v1r13	Windows	CONFIGURATION MANAGEMENT
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 80	DISA STIG Apache Server 2.2 Unix v1r11	Unix	CONFIGURATION MANAGEMENT
WA00555 A22 - The web server must be configured to listen on a specific IP address and port - 80	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WA00555 W22 - The web server must be configured to listen on a specific IP address and port. - '0.0.0.0:80'	DISA STIG Apache Server 2.2 Windows v1r13	Windows	CONFIGURATION MANAGEMENT
WA00565 A22 - HTTP request methods must be limited - LimitExcept	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WA00565 A22 - HTTP request methods must be limited - Order	DISA STIG Apache Server 2.2 Unix v1r11	Unix
WA00605 A22 - Error logging must be enabled.	DISA STIG Apache Site 2.2 Unix v1r11	Unix	AUDIT AND ACCOUNTABILITY
WG040 A22 - Public web server resources must not be shared with private assets.	DISA STIG Apache Server 2.2 Unix v1r11	Unix
WG060 W22 - The service account used to run the web service must have its password changed at least annually.	DISA STIG Apache Server 2.2 Windows v1r13	Windows
WG130 A22 - All utility programs, not necessary for operations, must be removed or disabled.	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix	CONFIGURATION MANAGEMENT
WG140 A22 - Private web servers must require certificates issued from a DoD-authorized Certificate Authority.	DISA STIG Apache Site 2.2 Unix v1r11	Unix	SYSTEM AND COMMUNICATIONS PROTECTION
WG145 A22 - The private web server must use an approved DoD certificate validation process.	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WG190 A22 - Web server software must be a vendor-supported version.	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix
WG200 A22 - Administrators must be the only users allowed access to the directory tree, the shell, or other operating system functions and utilities.	DISA STIG Apache Server 2.2 Unix v1r11	Unix	ACCESS CONTROL
WG200 W22 - Administrators must be the only users allowed access to the directory tree, the shell, or other operating system functions and utilities. - 'System32\command.com'	DISA STIG Apache Server 2.2 Windows v1r13	Windows
WG204 A22 - A web server must be segregated from other services.	DISA STIG Apache Server 2.2 Unix v1r11	Unix
WG220 W22 - Web administration tools must be restricted to the web manager and the web manager's designees.	DISA STIG Apache Server 2.2 Windows v1r13	Windows	CONFIGURATION MANAGEMENT
WG230 A22 - Web server administration must be performed over a secure path or at the local console.	DISA STIG Apache Site 2.2 Unix v1r11	Unix	CONFIGURATION MANAGEMENT
WG237 A22 - Remote authors or content providers must have all files scanned for viruses and malicious code before uploading files to the Document Root directory.	DISA STIG Apache Site 2.2 Unix v1r11	Unix	SYSTEM AND INFORMATION INTEGRITY
WG237 W22 - Remote authors or content providers must have all files scanned for malware before uploading files to the Document Root directory.	DISA STIG Apache Server 2.2 Windows v1r13	Windows	SYSTEM AND INFORMATION INTEGRITY
WG240 A22 - Logs of web server access and errors must be established and maintained	DISA STIG Apache Site 2.2 Unix v1r11	Unix	AUDIT AND ACCOUNTABILITY
WG250 A22 - Log file access must be restricted to System Administrators, Web Administrators or Auditors.	DISA STIG Apache Site 2.2 Unix v1r11 Middleware	Unix	CONFIGURATION MANAGEMENT
WG255 A22 - Access to the web server log files must be restricted to administrators, web administrators, and auditors.	DISA STIG Apache Site 2.2 Unix v1r11	Unix
WG265 A22 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website.	DISA STIG Apache Site 2.2 Unix v1r11	Unix	ACCESS CONTROL
WG290 A22 - Web client access to the content directories must be restricted to read and execute - alias	DISA STIG Apache Site 2.2 Unix v1r11 Middleware	Unix	CONFIGURATION MANAGEMENT
WG300 A22 - Web server system files must conform to minimum file permission requirements - logs	DISA STIG Apache Server 2.2 Unix v1r11	Unix	CONFIGURATION MANAGEMENT
WG330 A22 - A public web server must limit email to outbound only - sendmail	DISA STIG Apache Server 2.2 Unix v1r11	Unix
WG350 A22 - A private web server will have a valid DoD server certificate.	DISA STIG Apache Site 2.2 Unix v1r11 Middleware	Unix
WG360 A22 - Symbolic links must not be used in the web content directory tree - conf	DISA STIG Apache Site 2.2 Unix v1r11	Unix	CONFIGURATION MANAGEMENT
WG360 A22 - Symbolic links must not be used in the web content directory tree - find	DISA STIG Apache Site 2.2 Unix v1r11 Middleware	Unix	CONFIGURATION MANAGEMENT
WG370 A22 - MIME types for csh or sh shell programs must be disabled - Action	DISA STIG Apache Server 2.2 Unix v1r11	Unix	CONFIGURATION MANAGEMENT
WG370 A22 - MIME types for csh or sh shell programs must be disabled - Action	DISA STIG Apache Server 2.2 Unix v1r11 Middleware	Unix	CONFIGURATION MANAGEMENT
WG400 A22 - All interactive programs (CGI) must be placed in a designated directory with appropriate permissions.	DISA STIG Apache Site 2.2 Unix v1r11 Middleware	Unix	ACCESS CONTROL
WG420 A22 - Backup interactive scripts on the production web server are prohibited.	DISA STIG Apache Server 2.2 Unix v1r11	Unix
WG490 A22 - Java software on production web servers must be limited to class files and the JAVA virtual machine - html	DISA STIG Apache Site 2.2 Unix v1r11 Middleware	Unix	CONFIGURATION MANAGEMENT

Detections

Analytics

Item Search