Details
Making certain that the web server has not been updated by an unauthorized user is always a concern. Adding patches, functions, and modules that are untested and not part of the baseline opens the possibility for security risks. The web server must offer, and not hinder, a method that allows for the quick and easy reinstallation of a verified and patched baseline to guarantee the production web server is up-to-date and has not been modified to add functionality or expose security risks.
When the web server does not offer a method to roll back to a clean baseline, external methods, such as a baseline snapshot or virtualizing the web server, can be used.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Prepare documentation for disaster recovery methods for the Apache web server in the event of the necessity for rollback.
Document and test the disaster recovery methods designed.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.
References
- 800-53|SC-24
- CAT|II
- CCI|CCI-001190
- Rule-ID|SV-214289r612241_rule
- STIG-ID|AS24-U2-000540
- STIG-Legacy|SV-102885
- STIG-Legacy|V-92797
- Vuln-ID|V-214289