Details
The Apache directories and files should be owned by root. This applies to all of the Apache software directories and files installed.
Rationale:
Restricting ownership of the Apache files and directories will reduce the probability of unauthorized modifications to those resources.
Solution
Perform the following:
Set ownership on the $APACHE_PREFIX directories such as /usr/local/apache2:
$ chown -R root $APACHE_PREFIX
Default Value:
Default ownership and group is a mixture of the user:group that built the software and root:root.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.