3.5 Ensure the Group Is Set Correctly on Apache Directories and Files

Information

The Apache directories and files should be set to have a group of root (or a root equivalent group). This applies to all the Apache software directories and files installed. The only expected exception is that the Apache web document root ('$APACHE_PREFIX/htdocs') is likely to need a designated group to allow web content to be updated (such as 'webupdate') through a change management process.

Rationale:

Securing Apache files and directories will reduce the probability of unauthorized modifications.

Solution

Perform the following:

Set the group on the $'APACHE_PREFIX' directories, such as '/usr/local/apache2':

$ chgrp -R root $APACHE_PREFIX

See Also

https://workbench.cisecurity.org/files/2378

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv6|5, CSCv7|14.6

Plugin: Unix

Control ID: 0f12f8d5a6d81822f37a5f23ace3de6fc7a6b1c97004d2c1a0c21ddad1f00b81