From Apache Server 2.4 UNIX Server Security Technical Implementation Guide
Part of SRG-APP-000435-WSR-000147
Associated with: CCI-002385
An attacker has at least two reasons to stop a web server. The first is to cause a denial of service (DoS), and the second is to put in place changes the attacker made to the web server configuration.
Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server. Determine where the "httpd.pid" file is located by running the following command: find / -name "httpd.pid" This file is automatically generated upon service start. Verify the file is owner/group root: ls -lah <'httpd.pid location'>/httpd.pid If the file owner/group is not root, this is a finding. Verify the service utilities to manage the Apache service are owner/group root: ls -lah /usr/sbin/service ls -lah /usr/sbin/apachectl If they are not, this is a finding. Determine whether the process ID and the utilities are protected from non-privileged users. If they are not protected, this is a finding.
Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server. Determine where the "httpd.pid" file is located by running the following command: find / -name "httpd.pid" Run the following commands: # cd <'httpd.pid location'>/ # chown root.root httpd.pid # chmod 644 httpd.pid # cd /usr/sbin # chown root.root service apachectl # chmod 755 service apachectl
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer