From APACHE SITE 2.2 for Unix Security Technical Implementation Guide
Part of WG290
Associated with IA controls: ECLP-1
Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise of a web server. If this user is able to upload and execute files on the web server, the organization or owner of the server will no longer have control of the asset.
To view the value of Alias enter the following command: grep "Alias" /usr/local/apache2/conf/httpd.conf Alias ScriptAlias ScriptAliasMatch Review the results to determine the location of the files listed above. Enter the following command to determine the permissions of the above file: ls -Ll /file-path The only accounts listed should be the web administrator, developers, and the account assigned to run the apache server service. If accounts that don’t need access to these directories are listed, this is a finding. If the permissions assigned to the account for the Apache web server service is greater than Read & Execute (R_E), this is a finding.
Assign the appropriate permissions to the applicable directories and files using the chmod command.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer