DISA STIG Apache Site 2.2 Windows v1r12

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG Apache Site 2.2 Windows v1r12

Updated: 6/3/2019

Authority: DISA STIG

Plugin: Windows

Revision: 1.5

Estimated Item Count: 45

File Details

Filename: DISA_STIG_Apache_Site-2.2_Windows_v1r12.audit

Size: 81.2 kB

MD5: 2576b469daddba2f1c7603953f931718
SHA256: f5fb455770b1f73b4a7e40d3eeae82e6bc535dfb0d95ff5ee9bd3fdd152327ae

Audit Items

Description / Categories
DISA_STIG_Apache_Site-2.2_Windows_v1r12.audit
WA00605 W22 - Error logging must be enabled.

AUDIT AND ACCOUNTABILITY

WA00612 W22 - The sites error logs must log the correct format.

AUDIT AND ACCOUNTABILITY

WA00615 W22 - System logging must be enabled - CustomLog

AUDIT AND ACCOUNTABILITY

WA00615 W22 - System logging must be enabled - ErrorLog

AUDIT AND ACCOUNTABILITY

WA00615 W22 - System logging must be enabled - log_config_module

CONFIGURATION MANAGEMENT

WA00620 W22 - The LogLevel directive must be enabled.

AUDIT AND ACCOUNTABILITY

WG110 W22 - The number of allowed simultaneous requests must be set.

SYSTEM AND COMMUNICATIONS PROTECTION

WG140 W22 - Private web servers must require certificates issued from a DoD-authorized Certificate Authority.

SYSTEM AND COMMUNICATIONS PROTECTION

WG170 W22 - Each readable web document directory must contain either a default, home, index, or equivalent file.

CONFIGURATION MANAGEMENT

WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. 'CustomLog'

AUDIT AND ACCOUNTABILITY

WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. 'DocumentRoot'

CONFIGURATION MANAGEMENT

WG205 W22 - The web document (home) directory must be in a separate partition from the web server's system files. 'ErrorLog'

AUDIT AND ACCOUNTABILITY

WG210 W22 - Web content directories must not be anonymously shared.

ACCESS CONTROL

WG230 W22 - Web server administration must be performed over a secure path or at the local console.

ACCESS CONTROL

WG235 W22 - Web Administrators must only use encrypted connections for Document Root directory uploads.

WG240 W22 - Logs of web server access and errors must be established and maintained.

CONFIGURATION MANAGEMENT

WG242 W22 - Log file data must contain required data elements.

AUDIT AND ACCOUNTABILITY

WG250 W22 - Log file access must be restricted to System Administrators, Web Administrators or Auditors.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

WG255 W22 - Access to the web server log files must be restricted to Administrators, web server, Web Manager, and Auditors.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

WG260 W22 - Only web sites that have been fully reviewed and tested must exist on a production web server.

WG265 W22 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website.

WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. 'Alias'

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. 'DocumentRoot'

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. 'ScriptAlias'

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WG290 W22 - The web client account access to the content and scripts directories must be limited to read and execute. 'ScriptAliasMatch'

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WG310 W22 - A web site must not contain a robots.txt file. 'Alias'

CONFIGURATION MANAGEMENT

WG310 W22 - A web site must not contain a robots.txt file. 'DocumentRoot'

CONFIGURATION MANAGEMENT

WG340 W22 - A private web server must utilize an approved TLS version.

SYSTEM AND COMMUNICATIONS PROTECTION

WG340 W22 - A private web server must utilize an approved TLS version. 'SSLEngine'

SYSTEM AND COMMUNICATIONS PROTECTION

WG342 W22 - Public web servers must use TLS if authentication is required.

SYSTEM AND COMMUNICATIONS PROTECTION

WG350 W22 - A private web server must have a valid DoD server certificate.

WG400 W22 - All interactive programs must be placed in a designated directory with appropriate permissions.

CONFIGURATION MANAGEMENT

WG410 W22 - Interactive scripts used on a web server must have proper access controls.

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WG430 W22 - Anonymous FTP user access to interactive scripts must be prohibited.

WG460 W22 - PERL scripts must use the TAINT option.

WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. 'Alias - *.java'

CONFIGURATION MANAGEMENT

WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. 'Alias - *.jpp'

CONFIGURATION MANAGEMENT

WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. 'DocumentRoot - *.java'

CONFIGURATION MANAGEMENT

WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. 'DocumentRoot - *.jpp'

CONFIGURATION MANAGEMENT

WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. 'ScriptAlias - *.java'

CONFIGURATION MANAGEMENT

WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. 'ScriptAlias - *.jpp'

CONFIGURATION MANAGEMENT

WG490 W22 - Java software on production web servers must be limited to class files and the JAVA virtual machine. 'ScriptAlias_Match - *.jpp'

CONFIGURATION MANAGEMENT

WG490 W22 - Java software on production web servers must be limited to JAVA virtual machine. 'ScriptAlias_Match - *.java'

CONFIGURATION MANAGEMENT

WG610 W22 - Web sites must utilize ports, protocols, and services according to PPSM guidelines.