CGI-BIN directory should be disabled. 'Addmodule mod_cgi.c'

Information

CGI-BIN directory is used to host CGI pages. CGI if not properly configured can enable execution of malicious scripts on the server.

Solution

Disable CGI on websites that do not use any CGI scripts and programs. Comment out the following lines in httpd.conf file as shown below:
# LoadModule cgi_module modules/mod_cgi.so
# Loadmodule env_module modules/mod_env.so
# AddModule mod_env.c
# Addmodule mod_cgi.c
# ScriptAlias /cgi-bin/ '/var/www/cgi-bin/'
# <Directory '/var/www/cgi-bin'>
# AllowOverride None
# Options None
# Order allow, deny
# Allow from all
# </Directory>

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 028e9911380a38466c49716689da88e62cd4f4fb4cdb88e147697bbb78983e2f