Details
The permission on the Apache directories should be ‘rwxr-xr-x’ (755) and the file permissions should be similar, except not executable unless appropriate. This applies to all the Apache software directories and files installed, with the possible exception in some cases that a group with write access for the Apache web document root (‘$APACHE_PREFIX/htdocs’) may be needed to allow web content to be updated. In addition, the ‘/bin’ directory and executables should be set to not be readable by other.
Rationale:
None of the Apache files and directories, including the Web document root, should allow other write access. Other write access is likely to be very useful for unauthorized modification of web content, configuration files, and software.
Solution
Perform the following to remove other write access on the ‘$APACHE_PREFIX’ directories:
# chmod -R o-w $APACHE_PREFIX
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.