################################################################################
DOCUMENT         : Apache_Server_2-4_UNIX_Server_STIG
VERSION          : 001.001.001
CHECKSUM         : aa779721fc21b992964af7401be5662c8bbffe633bf06ac82ed504b28f6eded9
MANUAL QUESTIONS : 24

IMPORTANT: Make sure to save the completed version of this file to: 
<SCC Install>/Resources/Content/Manual_Questions/Completed_Files

This file contains all of the non-automated STIG requirements found in the STIG.
Results from this file will be combined with automated checks in SCC to provide
complete STIG compliance results.

This file will be programmatically imported, so do not modify anything in this file
except for placing an '[X]' to select a single answer, and entering text comments.

The list of questions is printed in order of severity, listing CAT I (High), then CAT II, etc.

################################################################################

QUESTION         : 1 of 24
TITLE            : CAT I, V-214242, SV-214242r960963, SRG-APP-000141-WSR-000077
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:2901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:2901
RULE             : The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials.
QUESTION_TEXT    : Verify the document root directory and the configuration files do not provide for default index.html or welcome page.

Verify the Apache User Manual content is not installed by checking the configuration files for manual location directives.

Verify the Apache configuration files do not have the Server Status handler configured.

Verify the Server Information handler is not configured.

Verify that any other handler configurations such as perl-status are not enabled.

If any of these are present, this is a finding.


References:
SV-102733
V-92645
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 1 *******************************

QUESTION         : 2 of 24
TITLE            : CAT I, V-214248, SV-214248r961095, SRG-APP-000211-WSR-000031
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4101
RULE             : Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.
QUESTION_TEXT    : Obtain a list of the user accounts for the system, noting the privileges for each account.

Verify with the SA or the Information System Security Officer (ISSO) that all privileged accounts are mission essential and documented.

Verify with the SA or the ISSO that all non-administrator access to shell scripts and operating system functions are mission essential and documented.

If undocumented privileged accounts are present, this is a finding.

If undocumented access to shell scripts or operating system functions is present, this is a finding.

References:
SV-102761
V-92673
CCI-000381
CCI-001082
CCI-001813
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 2 *******************************

QUESTION         : 3 of 24
TITLE            : CAT I, V-214271, SV-214271r961863, SRG-APP-000516-WSR-000079
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:8701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:8701
RULE             : The account used to run the Apache web server must not have a valid login shell and password defined.
QUESTION_TEXT    : Identify the account that is running the "httpd" process:
# ps -ef | grep -i httpd | grep -v grep

apache   29613   996  0 Feb17 ?        00:00:00 /usr/sbin/httpd
apache   29614   996  0 Feb17 ?        00:00:00 /usr/sbin/httpd

Check to see if the account has a valid login shell:

# cut -d: -f1,7 /etc/passwd | grep -i <service_account>
apache:/sbin/nologin

If the service account has a valid login shell, verify that no password is configured for the account:

# cut -d: -f1,2 /etc/shadow | grep -i <service_account>
apache:!!

If the account has a valid login shell and a password defined, this is a finding.

References:
V-92751
SV-102839
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 3 *******************************
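
The login-shell and password check from question 3, as an added example that is not part of the STIG or of SCC. It matches the account name exactly on field 1, where the `grep -i` form above would also return accounts such as "apache2". The function names, the list of non-login shells, and the sample passwd/shadow lines are constructed assumptions.

```shell
#!/bin/sh
# Added example for V-214271: does a service account have a usable login
# shell together with a usable password? Function names are hypothetical.

# Shells counted as "no valid login shell" (assumption; adjust per site).
NOLOGIN_SHELLS="/sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false"

# $1 account, $2 passwd-format file -> login shell, or "missing".
# Matches field 1 exactly, so "apache" does not also select "apache2".
# An empty shell field means /bin/sh, per passwd(5).
login_shell_of() {
    awk -F: -v u="$1" '
        $1 == u { found = 1; print ($7 == "" ? "/bin/sh" : $7); exit }
        END     { if (!found) print "missing" }' "$2"
}

# $1 account, $2 shadow-format file -> locked | empty | set | missing.
# A field starting with "!" or "*" (for example "!!") cannot match any password.
password_state_of() {
    awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "set"
            exit
        }
        END { if (!found) print "missing" }' "$2"
}

# $1 account, $2 passwd file, $3 shadow file.
# Exit status: 0 not a finding, 1 finding, 2 could not be determined.
check_service_account() {
    shell=$(login_shell_of "$1" "$2")
    [ "$shell" = "missing" ] && { echo "unknown: $1 not in passwd file"; return 2; }
    for s in $NOLOGIN_SHELLS; do
        [ "$shell" = "$s" ] && { echo "not-a-finding: shell $shell"; return 0; }
    done
    case $(password_state_of "$1" "$3") in
        locked) echo "not-a-finding: shell $shell, password locked"; return 0 ;;
        set)    echo "finding: shell $shell and a password hash is set"; return 1 ;;
        # Stricter than the check text (assumption): an empty field can
        # permit login with no password, so it is reported as a finding.
        empty)  echo "finding: shell $shell and empty password field"; return 1 ;;
        *)      echo "unknown: $1 not in shadow file"; return 2 ;;
    esac
}

# Constructed sample data, not taken from a real host.
write_samples() {   # $1 directory to write passwd and shadow into
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
apache2:x:1001:1001::/home/apache2:/bin/bash
websvc:x:1002:1002::/home/websvc:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
apache:!!:18000::::::
apache2:$6$constructedsalt$constructedhash:19000:0:99999:7:::
websvc:!!:19000:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for acct in apache apache2 websvc; do
    check_service_account "$acct" "$tmp/passwd" "$tmp/shadow" || true
done
rm -rf "$tmp"
```

On a live system the two file arguments are /etc/passwd and /etc/shadow, and reading the latter requires root.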

QUESTION         : 4 of 24
TITLE            : CAT II, V-214233, SV-214233r960900, SRG-APP-000098-WSR-000060
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1101
RULE             : An Apache web server, behind a load balancer or proxy server, must produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.
QUESTION_TEXT    : If Apache server is not behind a load balancer or proxy server, this check is Not Applicable.

Interview the System Administrator to review the configuration of the Apache web server architecture and determine if inbound web traffic is passed through a proxy.

If the Apache web server is receiving inbound web traffic through a proxy, the audit logs must be reviewed to determine if correct source information is being passed through by the proxy server.

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# apachectl -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Note: The apachectl front end is the preferred method for locating the Apache httpd file. For some Linux distributions, "apache2ctl -V" or "httpd -V" can also be used.

Review the location of the log files.

When the log file is displayed, review the source IP information in the log entries and verify the entries do not reflect the IP address of the proxy server.
If the log entries in the log file(s) reflect the IP address of the client in addition to the proxy address, this is not a finding.
If the log entries in the log file(s) reflect the IP address of the proxy server as the source, this is a finding.

If logs containing source/destination IPs can be obtained at the load balancer/proxy server, this is not a finding.

References:
SV-102709
V-92621
CCI-000133
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 4 *******************************

QUESTION         : 5 of 24
TITLE            : CAT II, V-214234, SV-214234r960912, SRG-APP-000108-WSR-000166
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1301
RULE             : The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.
QUESTION_TEXT    : Work with the SIEM administrator to determine if an alert is configured when audit data is no longer received as expected.

If there is no alert configured, this is a finding.

References:
SV-102715
V-92627
CCI-000139
CCI-001855
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 5 *******************************

QUESTION         : 6 of 24
TITLE            : CAT II, V-214235, SV-214235r960930, SRG-APP-000118-WSR-000068
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1501
RULE             : The Apache web server log files must only be accessible by privileged users.
QUESTION_TEXT    : Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# apachectl -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Note: The apachectl front end is the preferred method for locating the Apache httpd file. For some Linux distributions, "apache2ctl -V" or "httpd -V" can also be used.

Work with the Administrator to locate the log files:
Example: /etc/httpd/logs

List the POSIX permission set and owner/group of the log files:
# ls -laH /etc/httpd/logs/*log*
Output Example:
-rw-r-----. 1 apache root    0 Sep 27 2020 /etc/httpd/logs/access_log
-rw-r-----. 1 apache root 1235 Sep 23 2020 /etc/httpd/logs/access_log-20200927
-rw-r-----. 1 apache root  332 Sep 26 03:40 /etc/httpd/logs/error_log

Only system administrators and service accounts running the server should have permissions to the files, and the POSIX permissions should be set to 640 or more restrictive.

If any users other than those authorized have read access to the log files, this is a finding.


References:
SV-102717
V-92629
CCI-000162
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 6 *******************************

QUESTION         : 7 of 24
TITLE            : CAT II, V-214236, SV-214236r960933, SRG-APP-000119-WSR-000069
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1701
RULE             : The log information from the Apache web server must be protected from unauthorized modification or deletion.
QUESTION_TEXT    : Verify the log information from the web server is protected from unauthorized modification.

Review the web server documentation and deployed configuration settings to determine if the web server logging features protect log information from unauthorized modification.
 
Review file system settings to verify the log files have secure file permissions. Run the following command:
 
ls -l <'INSTALL PATH'>/logs
 
If the web server log files present are owned by anyone other than an administrative service account, this is a finding.

References:
SV-102719
V-92631
CCI-000163
CCI-000164
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 7 *******************************

QUESTION         : 8 of 24
TITLE            : CAT II, V-214237, SV-214237r960948, SRG-APP-000125-WSR-000071
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1901
RULE             : The log data and records from the Apache web server must be backed up onto a different system or media.
QUESTION_TEXT    : Interview the Information System Security Officer, System Administrator, Web Manager, Webmaster, or developers as necessary to determine whether a tested and verifiable backup strategy has been implemented for web server software and all web server data files.

Proposed questions:
- Who maintains the backup and recovery procedures?
- Do you have a copy of the backup and recovery procedures?
- Where is the off-site backup location?
- Is the contingency plan documented?
- When was the last time the contingency plan was tested?
- Are the test dates and results documented?

If there is not a backup and recovery process for the web server, this is a finding.

References:
SV-102723
V-92635
CCI-001348
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 8 *******************************

QUESTION         : 9 of 24
TITLE            : CAT II, V-214238, SV-214238r1016509, SRG-APP-000131-WSR-000073
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:2101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:2101
RULE             : Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server.
QUESTION_TEXT    : Enter the following command:

"httpd -M"

This will provide a list of the loaded modules. Validate that all displayed modules are required for operations.

If any module is not required for operation, this is a finding.

Note: The following modules are needed for basic web function and do not need to be reviewed:

core_module
http_module
so_module
mpm_prefork_module

For a complete list of signed Apache Modules, review https://httpd.apache.org/docs/2.4/mod/.

References:
SV-102725
V-92637
CCI-003992
CCI-001749
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 9 *******************************

QUESTION         : 10 of 24
TITLE            : CAT II, V-214240, SV-214240r960963, SRG-APP-000141-WSR-000075
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:2501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:2501
RULE             : The Apache web server must only contain services and functions necessary for operation.
QUESTION_TEXT    : If the site requires the use of a particular piece of software, verify that the Information System Security Officer (ISSO) maintains documentation identifying this software as necessary for operations. The software must be operated at the vendor’s current patch level and must be a supported vendor release.

If programs or utilities that meet the above criteria are installed on the web server and appropriate documentation and signatures are in evidence, this is not a finding.

Determine whether the web server is configured with unnecessary software.

Determine whether processes other than those that support the web server are loaded and/or run on the web server.

Examples of software that should not be on the web server are all web development tools, office suites (unless the web server is a private web development server), compilers, and other utilities that are not part of the web server suite or the basic operating system.

Check the directory structure of the server and verify that additional, unintended, or unneeded applications are not loaded on the system.

If, after review of the application on the system, there is no justification for the identified software, this is a finding. 


References:
SV-102729
V-92641
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 10 *******************************

QUESTION         : 11 of 24
TITLE            : CAT II, V-214244, SV-214244r960963, SRG-APP-000141-WSR-000082
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:3301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:3301
RULE             : The Apache web server must allow the mappings to unused and vulnerable scripts to be removed.
QUESTION_TEXT    : Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# apachectl -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Note: The apachectl front end is the preferred method for locating the Apache httpd file. For some Linux distributions, "apache2ctl -V" or "httpd -V" can also be used.

Locate "cgi-bin" files and directories enabled in the Apache configuration via "Script", "ScriptAlias" or "ScriptAliasMatch", and "ScriptInterpreterSource" directives:

# cat /<path_to_file>/httpd.conf | grep -i "Script"

If any scripts are present that are not needed for application operation, this is a finding.

If this is not documented and approved by the Information System Security Officer (ISSO), this is a finding.

References:
SV-102743
V-92655
CCI-000381
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 11 *******************************

QUESTION         : 12 of 24
TITLE            : CAT II, V-214247, SV-214247r961095, SRG-APP-000211-WSR-000030
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:3901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:3901
RULE             : Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
QUESTION_TEXT    : Review the web server documentation and configuration to determine what web server accounts are available on the server.

If any directories or files are owned by anyone other than an administrative service account, this is a finding.

If non-privileged web server accounts are available with access to functions, directories, or files not needed for the role of the account, this is a finding.

References:
SV-102759
V-92671
CCI-001082
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 12 *******************************

QUESTION         : 13 of 24
TITLE            : CAT II, V-214249, SV-214249r961095, SRG-APP-000211-WSR-000129
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4301
RULE             : The Apache web server must separate the hosted applications from hosted Apache web server management functionality.
QUESTION_TEXT    : Review the web server documentation and deployed configuration to determine whether hosted application functionality is separated from web server management functions.

If the functions are not separated, this is a finding.

References:
SV-102763
V-92675
CCI-001082
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 13 *******************************

QUESTION         : 14 of 24
TITLE            : CAT II, V-214254, SV-214254r961122, SRG-APP-000225-WSR-000140
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:5301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:5301
RULE             : The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
QUESTION_TEXT    : Interview the System Administrator for the Apache 2.4 web server.

Ask for documentation on the disaster recovery methods tested and planned for the Apache 2.4 web server in the event of the necessity for rollback.

If documentation for a disaster recovery has not been established, this is a finding.

References:
V-92695
SV-102783
CCI-001190
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 14 *******************************

QUESTION         : 15 of 24
TITLE            : CAT II, V-214259, SV-214259r961278, SRG-APP-000315-WSR-000004
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:6301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:6301
RULE             : The Apache web server must restrict inbound connections from nonsecure zones.
QUESTION_TEXT    : If external controls such as host-based firewalls are used to restrict this access, this check is Not Applicable.

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# apachectl -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Note: The apachectl front end is the preferred method for locating the Apache httpd file. For some Linux distributions, "apache2ctl -V" or "httpd -V" can also be used.

Search for the "RequireAll" directive:

# cat /<path_to_file>/httpd.conf | grep -i "RequireAll"

If "RequireAll" is not configured, or IP ranges configured to allow are not restrictive enough to prevent connections from nonsecure zones, this is a finding.

References:
V-92709
SV-102797
CCI-002314
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 15 *******************************

QUESTION         : 16 of 24
TITLE            : CAT II, V-214260, SV-214260r961281, SRG-APP-000316-WSR-000170
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:6501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:6501
RULE             : The Apache web server must be configured to immediately disconnect or disable remote access to the hosted applications.
QUESTION_TEXT    : Interview the SA and Web Manager.

Ask for documentation for the Apache web server administration.

Verify there are documented procedures for shutting down an Apache website in the event of an attack. 

The procedure must, at a minimum, provide the following steps:

1. Determine the respective website for the application at risk of an attack.

2. Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# apachectl -V | egrep -i 'httpd_root|server_config_file|pidlog'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
-D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
 
3. Search for the PidFile runtime directive. (This example uses the combined results of HTTPD_ROOT and SERVER_CONFIG_FILE, above.) 

# grep -i pidfile /etc/httpd/conf/httpd.conf  

4. If this command returns a result, use this value in the kill command, otherwise, use the DEFAULT_PIDLOG value, above.

# kill -TERM `cat <FULLY-QUALIFIED_PIDFILE_FILENAME>`
Note: These should be documented steps; validators should not run kill commands while reviewing production systems.

If the web server is not capable of or cannot be configured to disconnect or disable remote access to the hosted applications when necessary, this is a finding.

References:
V-92711
SV-102799
CCI-002322
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 16 *******************************

QUESTION         : 17 of 24
TITLE            : CAT II, V-214261, SV-214261r961353, SRG-APP-000340-WSR-000029
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:6701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:6701
RULE             : Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.
QUESTION_TEXT    : Determine which tool or control file is used to control the configuration of the web server.

If the control of the web server is done via control files, verify who has update access to them. If tools are being used to configure the web server, determine who has access to execute the tools.

If accounts other than the System Administrator (SA), the Web Manager, or the Web Manager designees have access to the web administration tool or control files, this is a finding.

References:
V-92713
SV-102801
CCI-002235
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 17 *******************************

QUESTION         : 18 of 24
TITLE            : CAT II, V-214262, SV-214262r961392, SRG-APP-000357-WSR-000150
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:6901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:6901
RULE             : The Apache web server must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the Apache web server.
QUESTION_TEXT    : Work with SIEM administrator to determine log storage capacity. 

If there is no setting within a SIEM to accommodate a large enough logging capacity, this is a finding.

References:
V-92715
SV-102803
CCI-001849
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 18 *******************************

QUESTION         : 19 of 24
TITLE            : CAT II, V-214263, SV-214263r961395, SRG-APP-000358-WSR-000063
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:7101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:7101
RULE             : The Apache web server must not impede the ability to write specified log record content to an audit log server.
QUESTION_TEXT    : Work with SIEM administrator to determine audit configurations. 

If there is a setting within the SIEM that could impede the ability to write specific log record content, this is a finding.

References:
V-92717
SV-102805
CCI-001851
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 19 *******************************

QUESTION         : 20 of 24
TITLE            : CAT II, V-214264, SV-214264r961395, SRG-APP-000358-WSR-000163
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:7301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:7301
RULE             : The Apache web server must be configured to integrate with an organization's security infrastructure.
QUESTION_TEXT    : Work with the SIEM administrator to determine current security integrations. 

If the SIEM is not integrated with security, this is a finding.

References:
V-92719
SV-102807
CCI-001851
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 20 *******************************

QUESTION         : 21 of 24
TITLE            : CAT II, V-214266, SV-214266r961470, SRG-APP-000383-WSR-000175
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:7701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:7701
RULE             : The Apache web server must prohibit or restrict the use of nonsecure or unnecessary ports, protocols, modules, and/or services.
QUESTION_TEXT    : Review the website to determine if HTTP and HTTPS are used in accordance with well-known ports (e.g., 80 and 443) or those ports and services as registered and approved for use by the DoD PPSM. Any variation in PPS will be documented, registered, and approved by the PPSM. If not, this is a finding.

References:
V-92727
SV-102815
CCI-001762
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 21 *******************************

QUESTION         : 22 of 24
TITLE            : CAT II, V-214267, SV-214267r961620, SRG-APP-000435-WSR-000147
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:7901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:7901
RULE             : The Apache web server must be protected from being stopped by a non-privileged user.
QUESTION_TEXT    : Review the web server documentation and deployed configuration to determine where the process ID is stored and which utilities are used to start/stop the web server.

Locate the httpd.pid file and list its permission set and owner/group:

# find / -name "httpd.pid"
Output should be similar to: /run/httpd/httpd.pid

# ls -laH /run/httpd/httpd.pid
Output should be similar to: -rw-r--r--. 1 root root 5 Jun 13 03:18 /run/httpd/httpd.pid

If the file owner/group is not an administrative service account, this is a finding.

If permission set is not 644 or more restrictive, this is a finding.
 
Verify the Apache service utilities (binaries) have the correct permission set and are user/group owned by an administrator account:

# ls -laH /usr/sbin/service
Output should be similar to: -rwxr-xr-x. 1 root root 3.2K Aug 19, 2019 /usr/sbin/service

# ls -laH /usr/sbin/apachectl
Output should be similar to: -rwxr-xr-x. 1 root root 4.2K Oct 8, 2019 /usr/sbin/apachectl
 
If the service utilities owner/group is not an administrative service account, this is a finding.
 
If permission set is not 755 or more restrictive, this is a finding.

References:
V-92731
SV-102819
CCI-002385
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 22 *******************************

QUESTION         : 23 of 24
TITLE            : CAT II, V-214270, SV-214270r961683, SRG-APP-000456-WSR-000187
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:8501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:8501
RULE             : The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
QUESTION_TEXT    : Determine the most recent patch level of the Apache Web Server 2.4 software, as posted on the Apache HTTP Server Project website. If the Apache installation is a proprietary installation supporting an application and is supported by a vendor, determine the most recent patch level of the vendor’s installation.

In a command line, type "httpd -v".

If the version is more than one version behind the most recent patch level, this is a finding.


References:
SV-102837
V-92749
CCI-002605
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 23 *******************************

QUESTION         : 24 of 24
TITLE            : CAT II, V-214274, SV-214274r961863, SRG-APP-000516-WSR-000174
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:9301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:9301
RULE             : The Apache web server htpasswd files (if present) must reflect proper ownership and permissions.
QUESTION_TEXT    : Locate the htpasswd file by entering the following command:

find / -name htpasswd

Navigate to that directory.

Run: ls -l htpasswd

Permissions should be: r-x r-x --- (550)

If permissions on "htpasswd" are greater than "550", this is a finding.

Verify the owner is the SA or Web Manager account.

If another account has access to this file, this is a finding.

References:
V-92757
SV-102845
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 24 *******************************
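
Questions 6, 22 and 24 each state a permission ceiling ("640 or more restrictive", "644", "755", "550"). The following added example, which is not part of the STIG or of SCC, tests a file against such a ceiling bit by bit, because comparing the octal numbers by size gets cases like 604 versus 640 wrong. It assumes GNU coreutils `stat`, reads "more restrictive" as "grants no permission bit the ceiling does not grant", and uses hypothetical function names and constructed temporary files.

```shell
#!/bin/sh
# Added example: check files against a permission ceiling and an owner list.
# Assumes GNU coreutils stat (-c format strings); function names are hypothetical.

# Exit 0 when mode $2 grants no bit that ceiling $1 does not grant.
# Exit 1 when it grants more, exit 2 on input that is not octal.
# Numeric order is not enough: 604 < 640, yet 604 gives read to "other".
mode_within() {   # $1 ceiling (e.g. 640), $2 actual mode (e.g. 604 or 4755)
    case "$1" in ''|*[!0-7]*) return 2 ;; esac
    case "$2" in ''|*[!0-7]*) return 2 ;; esac
    # Leading 0 makes the shell read the digits as octal. The 07777 mask
    # keeps setuid, setgid and sticky bits in the comparison.
    [ $(( 0$2 & ~0$1 & 07777 )) -eq 0 ]
}

# Print one line per path: "<ok|finding|unknown> <mode> <owner>:<group> <path>".
# Exit status: 0 all ok, 1 at least one finding, 2 a path could not be read.
audit_paths() {   # $1 ceiling, $2 space-separated allowed owners, then paths
    ceiling=$1
    owners=$2
    rc=0
    shift 2
    for p in "$@"; do
        # -L follows symlinks, like the -H in the "ls -laH" commands above.
        info=$(stat -L -c '%a %U %G' -- "$p" 2>/dev/null) || {
            echo "unknown - -:- $p"
            rc=2
            continue
        }
        mode=${info%% *}
        rest=${info#* }
        owner=${rest%% *}
        group=${rest#* }
        verdict=ok
        mode_within "$ceiling" "$mode" || verdict=finding
        case " $owners " in
            *" $owner "*) ;;
            *) verdict=finding ;;
        esac
        echo "$verdict $mode $owner:$group $p"
        if [ "$verdict" = finding ] && [ "$rc" -eq 0 ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed demonstration files; a real review would pass the log files,
# httpd.pid, the service utilities or htpasswd with the ceiling from the
# matching question (640, 644, 755, 550).
demo_dir=$(mktemp -d)
: > "$demo_dir/access_log"; chmod 640 "$demo_dir/access_log"
: > "$demo_dir/error_log";  chmod 644 "$demo_dir/error_log"
: > "$demo_dir/old_log";    chmod 604 "$demo_dir/old_log"
demo_owner=$(stat -c '%U' "$demo_dir/access_log")
audit_paths 640 "$demo_owner" "$demo_dir"/*log || true
rm -rf "$demo_dir"
```

The group is printed but not judged, since whether a group is authorized is a site decision for the reviewer.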

