AS24-U1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

Information

Determining a safe state for failure and weighing that against a potential denial of service for users depends on what type of application the web server is hosting. For an application presenting publicly available information that is not critical, a safe state for failure might be to shut down for any type of failure, but for an application that presents critical and timely information, a shutdown might not be the best state for all failures.

Performing a proper risk analysis of the hosted applications and configuring the web server according to what actions to take for each failure condition will provide a known fail safe state for the web server.

Satisfies: SRG-APP-000225-WSR-000140, SRG-APP-000225-WSR-000074

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Prepare documentation for disaster recovery methods for the Apache 2.4 web server in the event of the necessity for rollback.

Document and test the disaster recovery methods designed.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Server_2-4_Unix_Y24M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-24, CAT|II, CCI|CCI-001190, Rule-ID|SV-214254r961122_rule, STIG-ID|AS24-U1-000550, STIG-Legacy|SV-102783, STIG-Legacy|V-92695, Vuln-ID|V-214254

Plugin: Unix

Control ID: bffb9e250d1c85cb951dab009d37e3838726e5a5f550bf0da00de6c709c39e09