Web server system files must conform to minimum file permission requirements.

From APACHE 2.2 Server for UNIX Security Technical Implementation Guide

Part of WG300

SV-32938r1_rule Web server system files must conform to minimum file permission requirements.

Vulnerability discussion

This check verifies that the key web server system configuration files are owned by the SA or the web administrator controlled account. These same files that control the configuration of the web server, and thus its behavior, must also be accessible by the account that runs the web service. If these files are altered by a malicious user, the web server would no longer be under the control of its managers and owners; properties in the web server configuration could be altered to compromise the entire server platform.

Check content

Apache directory and file permissions and ownership should be set per the following table.. The installation directories may vary from one installation to the next. If used, the WebAmins group should contain only accounts of persons authorized to manage the web server configuration, otherwise the root group should own all Apache files and directories. If the files and directories are not set to the following permissions or more restrictive, this is a finding. To locate the ServerRoot directory enter the following command. grep ^ ServerRoot /usr/local/apache2/conf/httpd.conf /Server root dir apache root WebAdmin 771/660 /apache/cgi-bin root WebAdmin 775/775 /apache/bin root WebAdmin 550/550 /apache/config root WebAdmin 770/660 /apache/htdocs root WebAdmin 775/664 /apache/logs root WebAdmin 750/640 NOTE: The permissions are noted as directories / files

Fix text

Use the chmod command to set permissions on the web server system directories and files as follows. root dir apache root WebAdmin 771/660 /apache/cgi-bin root WebAdmin 775/775 /apache/bin root WebAdmin 550/550 /apache/config root WebAdmin 770/660 /apache/htdocs root WebAdmin 775/664 /apache/logs root WebAdmin 750/640

Pro Tips

Powered by sagemincer