Details

Directory options directives are directives that can be applied to further restrict access to file and directories. The Options directive controls which server features are available in a particular directory. The ExecCGI option controls the execution of CGI scripts using mod_cgi. This needs to be restricted to only the directory intended for script execution.

Solution

Locate any cgi-bin files and directories enabled in the Apache configuration via Script, ScriptAlias or other Script* directives.

Remove the printenv default CGI in cgi-bin directory if it is installed.

rm $APACHE_PREFIX/cgi-bin/printenv.

Remove the test-cgi file from the cgi-bin directory if it is installed.

rm $APACHE_PREFIX/cgi-bin/test-cgi.

Review and remove any other cgi-bin files which are not needed for business purposes.

Supportive Information

The following resource is also helpful.

• https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_UNIX_V1R11_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-7b.
• CAT|II
• CSCv6|9.1
• Rule-ID|SV-32763r2_rule
• STIG-ID|WA000-WWA050_A22
• Vuln-ID|V-13731

Source

• Tenable.com/audits