SecurityCenter 4 TENABLE NETWORK SECURITY INC., COPYRIGHT © 2012
DISA Apache Linux Web Server Auditing
March 11, 2012 at 1:03pm CDT
Dave Breslin [dbreslin]

Confidential: The following report contains confidential information. Do not distribute, email, fax, or transfer via any electronic mechanism unless it has been approved by the recipient company's security policy. All copies and backups of this document should be saved on protected storage at all times. Do not share any of the information contained within this report with anyone unless they are authorized to view the information. Violating any of the previous instructions is grounds for termination.
Table of Contents

Configuration Audit Summary .................................... 1
Web Server Plugins and Patch Audit Summary ..................... 2
Configuration Audit Details - Fails and Couldn't Execute ....... 3
    10.13.0.11 ................................................. 3
    10.13.0.12 ................................................. 4
    10.13.0.13 ................................................. 5
    10.13.0.14 ................................................. 6
Web Server Plugin Details - Info Severity Level Excluded ....... 7
    10.13.0.11 ................................................. 7
    10.13.0.12 ................................................. 8
    10.13.0.13 ................................................. 9
    10.13.0.14 ................................................ 10
Patch Audit Details - All Severity Levels ..................... 11
    10.13.0.11 ................................................ 11
    10.13.0.12 ................................................ 12
    10.13.0.13 ................................................ 13
    10.13.0.14 ................................................ 14
Table of Contents Tenable Network Security
i
Configuration Audit Summary

Compliance Checks. Info = Pass, Medium = Couldn't Execute, High = Fail

IP Address   DNS Name           Info   Med.   High
10.13.0.14   web4.itsdept.com     94      7      5
10.13.0.13   web3.itsdept.com     99      2      5
10.13.0.12   web2.itsdept.com     91      8      7
10.13.0.11   web1.itsdept.com    100      2      4
Web Server Plugins and Patch Audit Summary

Web Server Plugins. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

IP Address   DNS Name           Info   Low   Med.   High   Crit.
10.13.0.14   web4.itsdept.com      3     0      2      0       0
10.13.0.13   web3.itsdept.com      3     0      2      0       0
10.13.0.12   web2.itsdept.com      3     0      2      0       0
10.13.0.11   web1.itsdept.com      3     0      2      0       0

Patch Audit. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

IP Address   DNS Name           Info   Low   Med.   High   Crit.
10.13.0.14   web4.itsdept.com      0     0      1      5       0
10.13.0.13   web3.itsdept.com      0     0      1      5       0
10.13.0.12   web2.itsdept.com      0     0      1      5       0
10.13.0.11   web1.itsdept.com      0     0      1      5       0
Configuration Audit Details - Fails and Couldn't Execute

10.13.0.11
DNS Name: web1.itsdept.com    Last Scan: Feb 24, 2012 @ 2:31PM

Configuration Audit Details. Medium = Couldn't Execute, High = Fail

Severity   Plugin Name
Medium     WG240 (V0002250) Logs of web server access and errors are not established and maintained. 'access_log'
Medium     WG240 (V0002250) Logs of web server access and errors are not established and maintained. 'error_log'
High       WG242 (V0013688) Log file data does not include the required data elements. 'LogFormat'
High       WG250 (V0002252) Users other than from the Auditors group have greater than read access to log files. '/usr/local/apache/logs/*_log'
High       WG290 (V0002258) The web client account access to the content and scripts directories is not limited to read and execute. '/var/www/cgi-bin/*'
High       WG342 (V0013694) Public web servers that use SSL do not use the correct version to provide encrypted sessions.
10.13.0.12
DNS Name: web2.itsdept.com    Last Scan: Feb 24, 2012 @ 2:31PM

Configuration Audit Details. Medium = Couldn't Execute, High = Fail

Severity   Plugin Name
High       WG300 (V0002259) Web server system files do not conform to minimum file permission requirements. '/etc/httpd/logs/*'
High       WG330 (V0002261) A public web server does not limit email to outbound only. 'sendmail'
High       WG520 (V0006724) Web server and/or operating system information is advertised.
Medium     WG205 (V0003333) The web document (home) directory is not in a separate partition from the web servers system files. 'DocumentRoot partition'
Medium     WG205 (V0003333) The web document (home) directory is not in a separate partition from the web servers system files. 'DocumentRoot != ServerRoot'
Medium     WG210 (V0002226) Web content directories anonymously shared via a network share. '/etc/exports contents'
Medium     WG210 (V0002226) Web content directories anonymously shared via a network share. '/etc/mnttab contents'
Medium     WG210 (V0002226) Web content directories anonymously shared via a network share. '/etc/dfs/sharetab contents'
Medium     WG240 (V0002250) Logs of web server access and errors are not established and maintained. 'access_log'
Medium     WG240 (V0002250) Logs of web server access and errors are not established and maintained. 'error_log'
High       WG242 (V0013688) Log file data does not include the required data elements. 'LogFormat'
High       WG250 (V0002252) Users other than from the Auditors group have greater than read access to log files. '/usr/local/apache/logs/*_log'
High       WG290 (V0002258) The web client account access to the content and scripts directories is not limited to read and execute. '/var/www/html'
Medium     WG430 (V0002270) Anonymous FTP users can access interactive scripts.
High       WG342 (V0013694) Public web servers that use SSL do not use the correct version to provide encrypted sessions.
10.13.0.13
DNS Name: web3.itsdept.com    Last Scan: Feb 24, 2012 @ 2:31PM

Configuration Audit Details. Medium = Couldn't Execute, High = Fail

Severity   Plugin Name
High       WA000-WWA022 (V0013725) The httpd.conf KeepAlive directive is not enabled.
High       WA000-WWA026 (V0013727) The httpd.conf StartServers directive is not set properly.
High       WA000-WWA030 (V0013729) The httpd.conf MaxSpareServers directive is not set properly.
Medium     WA000-WWA050 (V0013731) CGI-Bin directory or the directory that maintains CGI scripts is not the only directory to have the ExecCGI directive applied.
Medium     WA000-WWA052 (V0013732) The '-FollowSymLinks' directive is not used on all data directories.
High       WA000-WWA054 (V0013733) 'IncludesNOEXEC' directive is not enabled on any directory that maintains Server Side Includes. 'Includes (+|-)?IncludesNOEXEC'
High       WG342 (V0013694) Public web servers that use SSL do not use the correct version to provide encrypted sessions.
10.13.0.14
DNS Name: web4.itsdept.com    Last Scan: Feb 24, 2012 @ 2:31PM

Configuration Audit Details. Medium = Couldn't Execute, High = Fail

Severity   Plugin Name
High       WA000-WWA022 (V0013725) The httpd.conf KeepAlive directive is not enabled.
Medium     WA000-WWA056 (V0013734) The MultiViews directive is used.
Medium     WA000-WWA058 (V0013735) 'Indexes' directive is not used on all data directories not containing a default index page unless the mod_autoindex module is disabled.
High       WA000-WWA060 (V0013736) The httpd.conf LimitRequestBody directive is set to unlimited.
High       WA230 (V0013613) Site software used with the web server does not have all applicable security patches applied and documented.
Medium     WG200 (V0002247) Non-administrators are allowed access to the directory tree, the shell, or other operating system functions and utilities.
High       WG300 (V0002259) Web server system files do not conform to minimum file permission requirements. '/etc/httpd/*'
Medium     WG265 (V0006373) The approved DoD banner page is not in place on the web server.
Medium     WG350 (V0002263) A private web server that executes a web application does not have a DoD Certificate.
Medium     WG410 (V0002229) Interactive scripts do not have proper access controls.
Medium     WG430 (V0002270) Anonymous FTP users can access interactive scripts.
High       WG342 (V0013694) Public web servers that use SSL do not use the correct version to provide encrypted sessions.
Web Server Plugin Details - Info Severity Level Excluded

10.13.0.11
DNS Name: web1.itsdept.com

Web Server Plugin Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

Plugin   Plugin Name                                                  Severity   Port   Exploit?
11213    HTTP TRACE / TRACK Methods Allowed                           Medium     443    Yes
57792    Apache HTTP Server httpOnly Cookie Information Disclosure    Medium     443    Yes
10.13.0.12
DNS Name: web2.itsdept.com

Web Server Plugin Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

Plugin   Plugin Name                                                  Severity   Port   Exploit?
11213    HTTP TRACE / TRACK Methods Allowed                           Medium     443    Yes
57792    Apache HTTP Server httpOnly Cookie Information Disclosure    Medium     443    Yes
10.13.0.13
DNS Name: web3.itsdept.com

Web Server Plugin Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

Plugin   Plugin Name                                                  Severity   Port   Exploit?
11213    HTTP TRACE / TRACK Methods Allowed                           Medium     443    Yes
57792    Apache HTTP Server httpOnly Cookie Information Disclosure    Medium     443    Yes
10.13.0.14
DNS Name: web4.itsdept.com

Web Server Plugin Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

Plugin   Plugin Name                                                  Severity   Port   Exploit?
11213    HTTP TRACE / TRACK Methods Allowed                           Medium     443    Yes
57792    Apache HTTP Server httpOnly Cookie Information Disclosure    Medium     443    Yes
Patch Audit Details - All Severity Levels

10.13.0.11
DNS Name: web1.itsdept.com    Last Scan: Feb 24, 2012 @ 2:31PM

Patch Audit Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

Plugin   Severity   Plugin Name
57408    High       RHSA-2011-1851: krb5-devel
57481    High       RHSA-2012-0007: kernel
57492    High       RHSA-2012-0017: libxml2
57678    High       RHSA-2012-0060: openssl
57885    High       RHSA-2012-0107: kernel
57929    Medium     RHSA-2012-0126: glibc
10.13.0.12
DNS Name: web2.itsdept.com    Last Scan: Feb 24, 2012 @ 2:31PM

Patch Audit Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

Plugin   Severity   Plugin Name
57408    High       RHSA-2011-1851: krb5-devel
57481    High       RHSA-2012-0007: kernel
57492    High       RHSA-2012-0017: libxml2
57678    High       RHSA-2012-0060: openssl
57885    High       RHSA-2012-0107: kernel
57929    Medium     RHSA-2012-0126: glibc
10.13.0.13
DNS Name: web3.itsdept.com    Last Scan: Feb 24, 2012 @ 2:31PM

Patch Audit Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

Plugin   Severity   Plugin Name
57408    High       RHSA-2011-1851: krb5-devel
57481    High       RHSA-2012-0007: kernel
57492    High       RHSA-2012-0017: libxml2
57678    High       RHSA-2012-0060: openssl
57885    High       RHSA-2012-0107: kernel
57929    Medium     RHSA-2012-0126: glibc
10.13.0.14
DNS Name: web4.itsdept.com    Last Scan: Feb 24, 2012 @ 2:31PM

Patch Audit Details. CVSS Ranges; Low = 0.1 - 3.9, Medium = 4.0 - 6.9, High = 7.0 - 9.9, Critical = 10

Plugin   Severity   Plugin Name
57408    High       RHSA-2011-1851: krb5-devel
57481    High       RHSA-2012-0007: kernel
57492    High       RHSA-2012-0017: libxml2
57678    High       RHSA-2012-0060: openssl
57885    High       RHSA-2012-0107: kernel
57929    Medium     RHSA-2012-0126: glibc