3.5 Ensure the Group Is Set Correctly on Apache Directories and Files

Information

The Apache directories and files should be set to have a group of root (or a root equivalent group). This applies to all the Apache software directories and files installed. The only expected exception is that the Apache web document root ('$APACHE_PREFIX/htdocs') is likely to need a designated group to allow web content to be updated (such as 'webupdate') through a change management process.

Rationale:

Securing Apache files and directories will reduce the probability of unauthorized modifications.

Solution

Perform the following:

Set the group on the $'APACHE_PREFIX' directories, such as '/usr/local/apache2':

$ chgrp -R root $APACHE_PREFIX

See Also

https://workbench.cisecurity.org/files/2378