Directory access permissions should be restricted.

Information

The 'Options' Directive controls what extended web server functions are applied to directories and/or files. This feature should only be applied to the designated cgi-bin directory. The ExecCGI setting permits the execution of CGI scripts within the directory. The FollowSymLinks setting allows the server to follow symbolic links found in the directory. The Multiviews setting allows for multiple files to refer to the same request.
NOTE - User must check output for 'Options None'

Solution

Modify the directory access permissions in the httpd.conf file to explicitly deny any extended directory functions stated above.
Using 'None' with the Options directive disables all extended directory access permissions. An example of a safe setting is given below.

<Directory <'directory path'>>
Options None
AllowOverride None
Order allow, deny
Deny from all
</Directory>

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6

Plugin: Unix

Control ID: 5b261f438be39d9391e9b410d185a7162b8f795bd486ebf3db096c19a16e09f5