STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to APACHE 2.2 Server for UNIX Security Technical Implementation Guide

V-26322

CAT II (Medium)

The score board file must be properly secured.

Rule ID

SV-33223r2_rule

STIG

APACHE 2.2 Server for UNIX Security Technical Implementation Guide

Version

V1R11

CCIs

None

Discussion

The ScoreBoardfile directive sets a file path which the server will use for Inter-Process Communication (IPC) among the Apache processes. If the directive is specified, then Apache will use the configured file for the inter-process communication. Therefore if it is specified it needs to be located in a secure directory. If the ScoreBoardfile is placed in a writable directory, other accounts could create a denial of service attack and prevent the server from starting by creating a file with the same name, and or users could monitor and disrupt the communication between the processes by reading and writing to the file.

Check Content

To determine the location of the file enter the following command:

find / -name ScoreBoard.

To view the permissions on the file enter the following command:

ls -lL /path/of/ScoreBoard.

If the permissions on the file are not set to 644 or is configured to be less restrictive, this is a finding.

Fix Text

The scoreboard file is created when the server starts, and is deleted when it shuts down, set the permissions during the creation of the file.