Details
The Apache web server has several remote communications channels. Examples are user requests via http/https, communication to a backend database, and communication to authenticate users. The encryption used to communicate must match the data that is being retrieved or presented.
Methods of communication are ‘http’ for publicly displayed information, ‘https’ to encrypt when user data is being transmitted, VPN tunneling, or other encryption methods to a database.
Satisfies: SRG-APP-000014-WSR-000006, SRG-APP-000015-WSR-000014, SRG-APP-000033-WSR-000169, SRG-APP-000172-WSR-000104, SRG-APP-000179-WSR-000110, SRG-APP-000179-WSR-000111, SRG-APP-000206-WSR-000128, SRG-APP-000429-WSR-000113, SRG-APP-000439-WSR-000151, SRG-APP-000439-WSR-000152, SRG-APP-000439-WSR-000156, SRG-APP-000441-WSR-000181, SRG-APP-000442-WSR-000182
Solution
Determine the location of the ‘HTTPD_ROOT’ directory and the ‘httpd.conf’ file:
# httpd -V | egrep -i ‘httpd_root|server_config_file’
-D HTTPD_ROOT=’/etc/httpd’
-D SERVER_CONFIG_FILE=’conf/httpd.conf’
Ensure the ‘SSLProtocol’ is added and looks like the following:
SSLProtocol -ALL +TLSv1.2
Restart Apache: apachectl restart
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Identification and Authentication, System and Communications Protection.This control applies to the following type of system Unix.
References
- 800-53|AC-3
- 800-53|AC-17(2)
- 800-53|IA-5(1)(c)
- 800-53|IA-7
- 800-53|SC-8
- 800-53|SC-8(2)
- 800-53|SC-18(1)
- 800-53|SC-28(1)
- CAT|II
- CCI|CCI-000068
- CCI|CCI-000197
- CCI|CCI-000213
- CCI|CCI-000803
- CCI|CCI-001166
- CCI|CCI-001453
- CCI|CCI-002418
- CCI|CCI-002420
- CCI|CCI-002422
- CCI|CCI-002476
- Rule-ID|SV-214278r612241_rule
- STIG-ID|AS24-U2-000030
- STIG-Legacy|SV-102851
- STIG-Legacy|V-92763
- Vuln-ID|V-214278