17:["$","div",null,{"className":"mx-auto max-w-7xl px-6 py-10","children":[["$","div",null,{"className":"mb-2","children":["$","$L2",null,{"href":"/stigs","className":"text-link text-sm hover:underline","children":"← Back to STIGs"}]}],["$","div",null,{"className":"mb-6 flex flex-wrap items-center gap-3","children":[["$","h1",null,{"className":"font-display text-3xl font-bold","children":"Oracle HTTP Server 12.1.3 Security Technical Implementation Guide"}],false,["$","$L21",null,{}]]}],["$","section",null,{"className":"border-border bg-surface mb-8 rounded-lg border p-6","children":[["$","div",null,{"className":"grid grid-cols-2 gap-4 sm:grid-cols-5","children":[["$","div",null,{"children":[["$","p",null,{"className":"text-text-muted text-xs","children":"Version"}],["$","p",null,{"className":"font-semibold","children":["V","2","R","3"]}]]}],["$","div",null,{"children":[["$","p",null,{"className":"text-text-muted text-xs","children":"Release Date"}],["$","p",null,{"className":"font-semibold","children":"Feb 6, 2025"}]]}],["$","div",null,{"className":"min-w-0","children":[["$","p",null,{"className":"text-text-muted text-xs","children":"SCAP Benchmark ID"}],["$","p",null,{"className":"truncate font-mono text-sm","title":"Oracle_HTTP_Server_12-1-3_STIG","children":"Oracle_HTTP_Server_12-1-3_STIG"}]]}],["$","div",null,{"children":[["$","p",null,{"className":"text-text-muted text-xs","children":"Total Checks"}],["$","p",null,{"className":"font-semibold","children":280}]]}],["$","div",null,{"children":[["$","p",null,{"className":"text-text-muted text-xs","children":"Tags"}],["$","div",null,{"className":"flex flex-wrap gap-1","children":[["$","span","other",{"className":"bg-tag-bg text-tag-text rounded-full px-2 py-0.5 text-xs","children":"other"}]]}]]}]]}],["$","div",null,{"className":"mt-4 flex gap-4","children":[["$","span",null,{"className":"bg-severity-high-bg text-severity-high-text rounded px-3 py-1 text-sm font-medium","children":["CAT I: ",22]}],["$","span",null,{"className":"bg-severity-medium-bg text-severity-medium-text rounded px-3 py-1 text-sm font-medium","children":["CAT II: ",226]}],["$","span",null,{"className":"bg-severity-low-bg text-severity-low-text rounded px-3 py-1 text-sm font-medium","children":["CAT III: ",32]}]]}],["$","p",null,{"className":"text-text-secondary mt-4 text-sm","children":"This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil."}],["$","div",null,{"className":"mt-4 flex flex-wrap gap-3","children":[["$","a",null,{"href":"/api/export/checklist?stigTitle=Oracle%20HTTP%20Server%2012.1.3%20Security%20Technical%20Implementation%20Guide&format=ckl","className":"text-text-primary hover:bg-surface-hover border-border rounded border px-3 py-1 text-sm","children":"Export CKL"}],["$","a",null,{"href":"/api/export/checklist?stigTitle=Oracle%20HTTP%20Server%2012.1.3%20Security%20Technical%20Implementation%20Guide&format=csv","className":"text-text-primary hover:bg-surface-hover border-border rounded border px-3 py-1 text-sm","children":"Export CSV"}],["$","a",null,{"href":"/api/export/checklist?stigTitle=Oracle%20HTTP%20Server%2012.1.3%20Security%20Technical%20Implementation%20Guide&format=json","className":"text-text-primary hover:bg-surface-hover border-border rounded border px-3 py-1 text-sm","children":"Export JSON"}],["$","a",null,{"href":"https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_HTTP_Server_12-1-3_V2R3_STIG.zip","target":"_blank","rel":"noopener noreferrer","className":"bg-link/10 text-link hover:bg-link/20 border-link/30 rounded border px-3 py-1 text-sm font-medium","children":"Download STIG ZIP"}]]}]]}],["$","$L22",null,{"checks":[{"id":"d07c9ccd-36e8-4ba8-99f1-7f6e3434c0c4","vulnId":"V-221272","severity":"medium","ruleTitle":"OHS must have the mpm property set to use the worker Multi-Processing Module (MPM) as the preferred means to limit the number of allowed simultaneous requests.","description":"Web server management includes the ability to control the number of users and user sessions that utilize a web server. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to several types of Denial of Service attacks. \n\nAlthough there is some latitude concerning the settings themselves, the settings should follow DoD-recommended values, but the settings should be configurable to allow for future DoD direction. While the DoD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//ohs.plugins.nodemanager.properties file with an editor.\n\n2. Search for the \"mpm\" property.\n\n3. If the \"mpm\" property is omitted or commented out, this is a finding.\n\n4. If the \"mpm\" property is not set to \"worker\", this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//ohs.plugins.nodemanager.properties with an editor.\n\n2. Set the \"mpm\" property to a value of \"worker\", add the property if it does not exist."},{"id":"08cff213-3f99-4a38-a268-b64d3e4df95d","vulnId":"V-221273","severity":"medium","ruleTitle":"OHS must have the mpm_prefork_module directive disabled so as not conflict with the worker directive used to limit the number of allowed simultaneous requests.","description":"Web server management includes the ability to control the number of users and user sessions that utilize a web server. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to several types of Denial of Service attacks. \n\nAlthough there is some latitude concerning the settings themselves, the settings should follow DoD-recommended values, but the settings should be configurable to allow for future DoD direction. While the DoD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system.","checkContent":"1. Open the $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf file with an editor.\n\n2. Search for the \"\" directive at the OHS server configuration scope.\n\n3. If this directive is found and not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"\" directive at the OHS server configuration scope.\n\n3. Comment out the \"\" directive and any directives that it contains."},{"id":"d1dff81d-1e13-4713-bb76-e61ea8a1b236","vulnId":"V-221274","severity":"medium","ruleTitle":"OHS must have the MaxClients directive defined to limit the number of allowed simultaneous requests.","description":"Web server management includes the ability to control the number of users and user sessions that utilize a web server. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to several types of Denial of Service attacks. \n\nAlthough there is some latitude concerning the settings themselves, the settings should follow DoD-recommended values, but the settings should be configurable to allow for future DoD direction. While the DoD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system.","checkContent":"1. Open the $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf file with an editor.\n\n2. Search for the \"MaxClients\" directive within \"\" directive at the OHS server configuration scope.\n\n3. If \"MaxClients\" is omitted or set greater than \"2000\", this is a finding.\n\nNote: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value. If the site has this documentation, this should be marked as not a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"MaxClients\" directive within \"\" directive at the OHS server configuration scope.\n\n3. Within the \"\" directive, set the \"MaxClients\" directive to \"2000\" or less, add the directive if it does not exist.\n\nNote: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value."},{"id":"9055f294-7225-48b6-afbb-332c6beb7f82","vulnId":"V-221275","severity":"medium","ruleTitle":"OHS must limit the number of threads within a worker process to limit the number of allowed simultaneous requests.","description":"Web server management includes the ability to control the number of users and user sessions that utilize a web server. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to several types of Denial of Service attacks. \n\nAlthough there is some latitude concerning the settings themselves, the settings should follow DoD-recommended values, but the settings should be configurable to allow for future DoD direction. While the DoD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system.","checkContent":"1. Open the $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf file with an editor.\n\n2. Search for the \"ThreadsPerChild\" directive within \"\" directive at the OHS server configuration scope.\n\n3. If \"ThreadsPerChild\" is omitted or set greater than \"25\", this is a finding.\n\n4. Search for the \"ThreadLimit\" directive within \"\" directive at the OHS server configuration scope.\n\n5. If \"ThreadLimit\" is omitted or set greater than \"64\", this is a finding.\n\nNote: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value. If the site has this documentation, this should be marked as not a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"ThreadsPerChild\" directive within \"\" directive at the OHS server configuration scope.\n\n3. Within the \"\" directive, set the \"ThreadsPerChild\" directive to \"25\", add the directive if it does not exist.\n\n4. Search for the \"ThreadLimit\" directive within \"\" directive at the OHS server configuration scope.\n\n5. Within the \"\" directive, set the \"ThreadLimit\" directive to \"64\", add the directive if it does not exist.\n\nNote: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value."},{"id":"ed408b26-2f9a-4d11-829b-e53503533bbf","vulnId":"V-221276","severity":"medium","ruleTitle":"OHS must limit the number of worker processes to limit the number of allowed simultaneous requests.","description":"Web server management includes the ability to control the number of users and user sessions that utilize a web server. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to several types of Denial of Service attacks. \n\nAlthough there is some latitude concerning the settings themselves, the settings should follow DoD-recommended values, but the settings should be configurable to allow for future DoD direction. While the DoD will specify recommended values, the values can be adjusted to accommodate the operational requirement of a given system.","checkContent":"1. Open the $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf file with an editor.\n\n2. Search for the \"ServerLimit\" directive within \"\" directive at the OHS server configuration scope.\n\n3. If \"ServerLimit\" is omitted or set greater than the maximum of \"16\" and the calculation of \"MaxClients\"/\"ThreadsPerChild\", this is a finding.\n\nNote: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value. If the site has this documentation, this should be marked as not a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"ServerLimit\" directive within \"\" directive at the OHS server configuration scope.\n\n3. Within the \"\" directive, set the \"ServerLimit\" directive to the maximum of \"16\" and the calculation of \"MaxClients\"/\"ThreadsPerChild\" immediately before the \"MaxClients\" directive, add the directive if it does not exist.\n\nNote: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value."},{"id":"6d6bda44-aaf5-4eea-bf09-75d8e55ba256","vulnId":"V-221277","severity":"high","ruleTitle":"OHS must have the LoadModule ossl_module directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server.","description":"The web server has several remote communications channels. Examples are user requests via http/https, communication to a backend database, or communication to authenticate users. The encryption used to communicate must match the data that is being retrieved or presented.\n\nMethods of communication are http for publicly displayed information, https to encrypt when user data is being transmitted, VPN tunneling, or other encryption methods to a database.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule ossl_module\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted, this is a finding.\n\n4. Validate that the file specified exists. If the file does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule ossl_module\" directive at the OHS server configuration scope.\n\n3. Set the \"LoadModule ossl_module\" directive to\"\"${PRODUCT_HOME}/modules/mod_ossl.so\"\", add the directive if it does not exist."},{"id":"0b1dba5a-1de6-49fe-9201-19169b859bbf","vulnId":"V-221278","severity":"high","ruleTitle":"OHS must have the SSLFIPS directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server.","description":"The web server has several remote communications channels. Examples are user requests via http/https, communication to a backend database, or communication to authenticate users. The encryption used to communicate must match the data that is being retrieved or presented.\n\nMethods of communication are http for publicly displayed information, https to encrypt when user data is being transmitted, VPN tunneling, or other encryption methods to a database.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//ssl.conf with an editor.\n\n2. Search for the \"SSLFIPS\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or is not set to \"On\", this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//ssl.conf with an editor.\n\n2. Search for the \"SSLFIPS\" directive at the OHS server configuration scope.\n\n3. Set the \"SSLFIPS\" directive to \"On\", add the directive if it does not exist."},{"id":"7e28c6c4-c439-48cc-9c20-a4c8c16bd2fe","vulnId":"V-221279","severity":"medium","ruleTitle":"OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to encrypt remote connections in accordance with the categorization of data hosted by the web server.","description":"The web server has several remote communications channels. Examples are user requests via http/https, communication to a backend database, or communication to authenticate users. The encryption used to communicate must match the data that is being retrieved or presented.\n\nMethods of communication are http for publicly displayed information, https to encrypt when user data is being transmitted, VPN tunneling, or other encryption methods to a database.","checkContent":"1. As required, open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that requires an SSL-enabled \"\" directive.\nNote: Does not apply to admin.conf.\n\n2. Search for the following directive at the OHS server, virtual host, and/or directory configuration scopes:\n\"SSLEngine\"\n\"SSLProtocol\"\n\"SSLWallet\"\n\n3. If any of these directives are omitted, this is a finding.\n\n4. If \"SSLEngine\" is not set to \"On\", or \"SSLProtocol\" is not set to \"TLSv1.2\", this is a finding.\n\n5. Validate that the folder specified in the \"SSLWallet\" directive exists. If the folder does not exist or contain a valid wallet, this is a finding.","fixText":"$23"},{"id":"b302cd39-638e-43f7-95bf-13973fffcd1d","vulnId":"V-221280","severity":"high","ruleTitle":"OHS must have the SSLCipherSuite directive enabled to encrypt remote connections in accordance with the categorization of data hosted by the web server.","description":"The web server has several remote communications channels. Examples are user requests via http/https, communication to a backend database, or communication to authenticate users. The encryption used to communicate must match the data that is being retrieved or presented.\n\nMethods of communication are http for publicly displayed information, https to encrypt when user data is being transmitted, VPN tunneling, or other encryption methods to a database.","checkContent":"1. As required, open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that requires an SSL-enabled \"\" directive.\nNote: Does not apply to admin.conf.\n\n2. Search for the \"SSLCipherSuite\" directive at the OHS server, virtual host, and/or directory configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding.","fixText":"$24"},{"id":"b28f87b9-5100-4422-bc2d-adacfd761b0d","vulnId":"V-221281","severity":"high","ruleTitle":"OHS must have the LoadModule ossl_module directive enabled to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server.","description":"Data exchanged between the user and the web server can range from static display data to credentials used to log into the hosted application. Even when data appears to be static, the non-displayed logic in a web page may expose business logic or trusted system relationships. The integrity of all the data being exchanged between the user and web server must always be trusted. To protect the integrity and trust, encryption methods should be used to protect the complete communication session.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule ossl_module\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted, this is a finding.\n\n4. Validate that the file specified exists. If the file does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule ossl_module\" directive at the OHS server configuration scope.\n\n3. Set the \"LoadModule ossl_module\" directive to\"\"${PRODUCT_HOME}/modules/mod_ossl.so\"\", add the directive if it does not exist."},{"id":"c75b8299-be24-435a-9738-df96d46d58fb","vulnId":"V-221282","severity":"high","ruleTitle":"OHS must have the SSLFIPS directive enabled to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server.","description":"Data exchanged between the user and the web server can range from static display data to credentials used to log into the hosted application. Even when data appears to be static, the non-displayed logic in a web page may expose business logic or trusted system relationships. The integrity of all the data being exchanged between the user and web server must always be trusted. To protect the integrity and trust, encryption methods should be used to protect the complete communication session.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//ssl.conf with an editor.\n\n2. Search for the \"SSLFIPS\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or is not set to \"On\", this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//ssl.conf with an editor.\n\n2. Search for the \"SSLFIPS\" directive at the OHS server configuration scope.\n\n3. Set the \"SSLFIPS\" directive to \"On\", add the directive if it does not exist."},{"id":"77435666-86ff-432b-94ab-e600db64ead3","vulnId":"V-221283","severity":"high","ruleTitle":"OHS must have the SSLEngine, SSLProtocol, and SSLWallet directives enabled and configured to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server.","description":"Data exchanged between the user and the web server can range from static display data to credentials used to log into the hosted application. Even when data appears to be static, the non-displayed logic in a web page may expose business logic or trusted system relationships. The integrity of all the data being exchanged between the user and web server must always be trusted. To protect the integrity and trust, encryption methods should be used to protect the complete communication session.","checkContent":"1. As required, open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that requires an SSL-enabled \"\" directive.\nNote: Does not apply to admin.conf.\n\n2. Search for the following directive at the OHS server, virtual host, and/or directory configuration scopes:\n\"SSLEngine\"\n\"SSLProtocol\"\n\"SSLWallet\"\n\n3. If any of these directives are omitted, this is a finding.\n\n4. If \"SSLEngine\" is not set to \"On\", or \"SSLProtocol\" is not set to \"TLSv1.2\", this is a finding.\n\n5. Validate that the folder specified in the \"SSLWallet\" directive exists. If the folder does not exist or contain a valid wallet, this is a finding.","fixText":"$25"},{"id":"2f24fe9a-3b1d-4e35-97dd-5ad7497403bf","vulnId":"V-221284","severity":"high","ruleTitle":"OHS must have the SSLCipherSuite directive enabled to protect the integrity of remote sessions in accordance with the categorization of data hosted by the web server.","description":"Data exchanged between the user and the web server can range from static display data to credentials used to log into the hosted application. Even when data appears to be static, the non-displayed logic in a web page may expose business logic or trusted system relationships. The integrity of all the data being exchanged between the user and web server must always be trusted. To protect the integrity and trust, encryption methods should be used to protect the complete communication session.","checkContent":"1. As required, open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that requires an SSL-enabled \"\" directive.\n\n2. Search for the \"SSLCipherSuite\" directive at the OHS server, virtual host, and/or directory configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding.","fixText":"$26"},{"id":"0cac405a-2a05-45c5-a0f6-f325217284bf","vulnId":"V-221285","severity":"medium","ruleTitle":"OHS must have the SecureProxy directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server.","description":"Data exchanged between the user and the web server can range from static display data to credentials used to log into the hosted application. Even when data appears to be static, the non-displayed logic in a web page may expose business logic or trusted system relationships. The integrity of all the data being exchanged between the user and web server must always be trusted. To protect the integrity and trust, encryption methods should be used to protect the complete communication session.","checkContent":"If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL:\n\n1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that contains an SSL-enabled \"\" directive.\n\n2. Search for the \"SecureProxy\" directive within an \"\" at the virtual host configuration scope.\n\n3. If the directive is omitted or is not set to \"On\", this is a finding.","fixText":"1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that contains an SSL-enabled \"\" directive.\n\n2. Search for the \"SecureProxy\" directive within an \"\" at the virtual host configuration scope.\n\n3. Set the \"SecureProxy\" directive to \"On\", add the directive if it does not exist."},{"id":"b80e685a-e037-443b-8b73-ee897f88e8fb","vulnId":"V-221286","severity":"medium","ruleTitle":"OHS must have the WLSSLWallet directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server.","description":"Data exchanged between the user and the web server can range from static display data to credentials used to log into the hosted application. Even when data appears to be static, the non-displayed logic in a web page may expose business logic or trusted system relationships. The integrity of all the data being exchanged between the user and web server must always be trusted. To protect the integrity and trust, encryption methods should be used to protect the complete communication session.","checkContent":"If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL:\n\n1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that contains an SSL-enabled \"\" directive.\n\n2. Search for the \"WLSSLWallet\" directive within an \"\" at the virtual host configuration scope.\n\n3. If the directive is omitted or is not set to a folder containing a valid wallet, this is a finding.","fixText":"1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that contains an SSL-enabled \"\" directive.\n\n2. Search for the \"WLSSLWallet\" directive within an \"\" at the virtual host configuration scope.\n\n3. Set the \"WLSSLWallet\" directive to the location (i.e., folder within $DOMAIN_HOME/config/fmwconfig/components/OHS/instances//keystores) of the Oracle wallet created via orapki with AES Encryption (-compat_v12 parameters) that contains the certificate chain served by the WebLogic host/port combination, add the directive if it does not exist."},{"id":"9a942065-31c3-4b7b-90c8-be7997faece5","vulnId":"V-221287","severity":"medium","ruleTitle":"OHS must have the WebLogicSSLVersion directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server.","description":"Data exchanged between the user and the web server can range from static display data to credentials used to log into the hosted application. Even when data appears to be static, the non-displayed logic in a web page may expose business logic or trusted system relationships. The integrity of all the data being exchanged between the user and web server must always be trusted. To protect the integrity and trust, encryption methods should be used to protect the complete communication session.","checkContent":"If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL:\n\n1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that contains an SSL-enabled \"\" directive.\n\n2. Search for the \"WebLogicSSLVersion\" directive within an \"\" at the virtual host configuration scope.\n\n3. If the directive is omitted or is not set to \"TLSv1.2\", this is a finding.","fixText":"1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that contains an SSL-enabled \"\" directive.\n\n2. Search for the \"WebLogicSSLVersion\" directive within an \"\" at the virtual host configuration scope.\n\n3. Set the \"WebLogicSSLVersion\" directive to \"TLSv1_2\", add the directive if it does not exist."},{"id":"16cfab1e-3fe9-4041-a2ad-07ec358f3cd0","vulnId":"V-221288","severity":"medium","ruleTitle":"OHS must have the WLProxySSL directive enabled to protect the integrity of remote sessions when integrated with WebLogic in accordance with the categorization of data hosted by the web server.","description":"Data exchanged between the user and the web server can range from static display data to credentials used to log into the hosted application. Even when data appears to be static, the non-displayed logic in a web page may expose business logic or trusted system relationships. The integrity of all the data being exchanged between the user and web server must always be trusted. To protect the integrity and trust, encryption methods should be used to protect the complete communication session.","checkContent":"If using the WebLogic Web Server Proxy Plugin and configuring SSL termination at OHS:\n\n1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that contains an SSL-enabled \"\" directive.\n\n2. Search for the \"WLProxySSL\" directive within an \"\" at the virtual host configuration scope.\n\n3. If the directive is omitted or is not set to \"On\", this is a finding.","fixText":"1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor that contains an SSL-enabled \"\" directive.\n\n2. Search for the \"WLProxySSL\" directive within an \"\" at the virtual host configuration scope.\n\n3. Set the \"WLProxySSL\" directive to \"On\", add the directive if it does not exist."},{"id":"e9abc4af-1854-4aa3-9884-939602f53991","vulnId":"V-221289","severity":"medium","ruleTitle":"OHS must have the LoadModule log_config_module directive enabled to generate information to be used by external applications or entities to monitor and control remote access.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. \n\nBy providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server.\n\nExamples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule log_config_module\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted, this is a finding.\n\n4. Validate that the file specified exists. If the file does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule log_config_module\" directive at the OHS server configuration scope.\n\n3. Set the \"LoadModule log_config_module\" directive to \"\"${PRODUCT_HOME}/modules/mod_log_config.so\"\", add the directive if it does not exist."},{"id":"00fe51c2-eb22-49f2-82ed-df3900f81bb2","vulnId":"V-221290","severity":"medium","ruleTitle":"OHS must have the OraLogMode set to Oracle Diagnostic Logging text mode to generate information to be used by external applications or entities to monitor and control remote access.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. \n\nBy providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server.\n\nExamples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogMode\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or is not set to \"odl-text\", this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogMode\" directive at the OHS server configuration scope.\n\n3. Set the \"OraLogMode\" directive to \"odl-text\", add the directive if it does not exist."},{"id":"0a95bdfc-78a1-409a-a3cf-5d7d0f49ae85","vulnId":"V-221291","severity":"medium","ruleTitle":"OHS must have a log directory location defined to generate information for use by external applications or entities to monitor and control remote access.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. \n\nBy providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server.\n\nExamples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogDir\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted, this is a finding.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogDir\" directive at the OHS server configuration scope.\n\n3. Set the \"OraLogDir\" directive to an appropriate, protected location on a partition with sufficient space that is different from the partition on which the OHS software is installed; add the directive if it does not exist."},{"id":"82aabd7a-249c-4208-9f6c-38688f7e22b3","vulnId":"V-221292","severity":"medium","ruleTitle":"OHS must have the OraLogSeverity directive defined to generate adequate information to be used by external applications or entities to monitor and control remote access.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. \n\nBy providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server.\n\nExamples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogSeverity\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or is not set to \"NOTIFICATION:32\", this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogSeverity\" directive at the OHS server configuration scope.\n\n3. Set the \"OraLogSeverity\" directive to \"NOTIFICATION:32\", add the directive if it does not exist."},{"id":"f84bece0-ad1c-40c2-80b6-3154e0652319","vulnId":"V-221293","severity":"medium","ruleTitle":"OHS must have the log rotation parameter set to allow generated information to be used by external applications or entities to monitor and control remote access.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. \n\nBy providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server.\n\nExamples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogRotationParams\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or set improperly, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogRotationParams\" directive at the OHS server configuration scope.\n\n3. As required, set the \"OraLogRotationParams\" directive to satisfy the NIST 800-92 logging requirements, add the directive if it does not exist."},{"id":"7005abec-d008-4b21-a5eb-0d9b1d2ef0da","vulnId":"V-221294","severity":"medium","ruleTitle":"OHS must have a log format defined to generate adequate information to be used by external applications or entities to monitor and control remote access.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. \n\nBy providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server.\n\nExamples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"366e0e2d-34fe-404d-a8e3-d9de0788ba54","vulnId":"V-221295","severity":"medium","ruleTitle":"OHS must have a SSL log format defined to allow generated information to be used by external applications or entities to monitor and control remote access in accordance with the categorization of data hosted by the web server.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. \n\nBy providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server.\n\nExamples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"1e52645f-c64f-4b06-8e59-b1a75c3ceaff","vulnId":"V-221296","severity":"medium","ruleTitle":"OHS must have a log file defined for each site/virtual host to capture information to be used by external applications or entities to monitor and control remote access.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. \n\nBy providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server.\n\nExamples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"81163a14-2312-4b79-b4c5-1ea445e4ef78","vulnId":"V-221297","severity":"medium","ruleTitle":"Remote access to OHS must follow access policy or work in conjunction with enterprise tools designed to enforce policy requirements.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions.\n\nA web server can be accessed remotely and must be able to enforce remote access policy requirements or work in conjunction with enterprise tools designed to enforce policy requirements. \n\nExamples of the web server enforcing a remote access policy are implementing IP filtering rules, using https instead of http for communication, implementing secure tokens, and validating users.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Review the directives (e.g., \"\", \"\", and \"\") at the OHS server and virtual host configuration scopes.\n\n3. If these directives do not contain the appropriate access protection via secure authentication, SSL-associated directives, or \"Order\", \"Deny\", and \"Allow\" directives to secure access or prohibit access from nonsecure zones, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Review the directives (e.g., \"\", \"\", and \"\") at the OHS server and virtual host configuration scopes.\n\n3. Configure the web server to require secure authentication as required, use SSL, and/or restrict access from nonsecure zones via \"Order\", \"Deny\", and \"Allow\" directives.\n\nNote: A product such as Oracle Access Manager may facilitate satisfying these requirements."},{"id":"bd7bf04c-3fdf-4d56-b4b5-b63428f3a8ed","vulnId":"V-221298","severity":"medium","ruleTitle":"OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions.\n\nA web server can be accessed remotely and must be capable of restricting access from what the DoD defines as nonsecure zones. Nonsecure zones are defined as any IP, subnet, or region that is defined as a threat to the organization. The nonsecure zones must be defined for public web servers logically located in a DMZ, as well as private web servers with perimeter protection devices. By restricting access from nonsecure zones, through internal web server access list, the web server can stop or slow denial of service (DoS) attacks on the web server.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Search for the \"\" directive at the OHS server and virtual host configuration scopes.\n\nNote: This check does not apply to the root directory, i.e. the directive.\n\n3. If the \"\" directive does not contain the appropriate \"Order\", \"Deny\", and \"Allow\" directives to prohibit access from nonsecure zones, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Search for the \"\" directive at the OHS server and virtual host configuration scopes.\n\nNote: This fix does not apply to the root directory, i.e. the directive.\n\n3. Set the \"Order\" directive to \"allow,deny\", add the directive if it does not exist.\n\n4. Set \"Allow\" directives to \"from all\" or to an IP range (e.g., \"from 123.123\"), add the directives if they do not exist.\n\n5. Set \"Deny\" directives to an IP range (e.g., \"from 123.123\") to specify nonsecure zones, add the directives if they do not exist."},{"id":"a477bedc-e5f0-4e89-9ca6-ef1d216c764c","vulnId":"V-221299","severity":"medium","ruleTitle":"OHS must have the Order, Allow, and Deny directives set within the Files directives set to restrict inbound connections from nonsecure zones.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions.\n\nA web server can be accessed remotely and must be capable of restricting access from what the DoD defines as nonsecure zones. Nonsecure zones are defined as any IP, subnet, or region that is defined as a threat to the organization. The nonsecure zones must be defined for public web servers logically located in a DMZ, as well as private web servers with perimeter protection devices. By restricting access from nonsecure zones, through internal web server access list, the web server can stop or slow denial of service (DoS) attacks on the web server.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Search for the \"\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the \"\" directive does not contain the appropriate \"Order\", \"Deny\", and \"Allow\" directives to prohibit access from nonsecure zones, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Search for the \"\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Set the \"Order\" directive to \"allow,deny\", add the directive if it does not exist.\n\n4. Set \"Allow\" directives to \"from all\" or to an IP range (e.g., \"from 123.123\"), add the directives if they do not exist.\n\n5. Set \"Deny\" directives to an IP range (e.g., \"from 123.123\") to specify nonsecure zones, add the directives if they do not exist."},{"id":"cb6fd922-0ce8-46a3-88fa-4a9c5a86da9b","vulnId":"V-221300","severity":"medium","ruleTitle":"OHS must have the Order, Allow, and Deny directives set within the Location directives set to restrict inbound connections from nonsecure zones.","description":"Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions.\n\nA web server can be accessed remotely and must be capable of restricting access from what the DoD defines as nonsecure zones. Nonsecure zones are defined as any IP, subnet, or region that is defined as a threat to the organization. The nonsecure zones must be defined for public web servers logically located in a DMZ, as well as private web servers with perimeter protection devices. By restricting access from nonsecure zones, through internal web server access list, the web server can stop or slow denial of service (DoS) attacks on the web server.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Search for the \"\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the \"\" directive does not contain the appropriate \"Order\", \"Deny\", and \"Allow\" directives to prohibit access from nonsecure zones, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Search for the \"\" directive at the OHS server and virtual host configuration scopes.\n\n3. Set the \"Order\" directive to \"allow,deny\", add the directive if it does not exist.\n\n4. Set \"Allow\" directives to \"from all\" or to an IP range (e.g., \"from 123.123\"), add the directives if they do not exist.\n\n5. Set \"Deny\" directives to an IP range (e.g., \"from 123.123\") to specify nonsecure zones, add the directives if they do not exist."},{"id":"e0fe8573-7891-490a-b0ce-13ddb25c6ea9","vulnId":"V-221301","severity":"medium","ruleTitle":"OHS must provide the capability to immediately disconnect or disable remote access to the hosted applications.","description":"During an attack on the web server or any of the hosted applications, the system administrator may need to disconnect or disable access by users to stop the attack. \n\nThe web server must provide a capability to disconnect users to a hosted application without compromising other hosted applications unless deemed necessary to stop the attack. Methods to disconnect or disable connections are to stop the application service for a specified hosted application, stop the web server, or block all connections through web server access list. \n\nThe web server capabilities used to disconnect or disable users from connecting to hosted applications and the web server must be documented to make certain that, during an attack, the proper action is taken to conserve connectivity to any other hosted application if possible and to make certain log data is conserved for later forensic analysis.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Search for the \"\", \"\", or \"\" directive serving the application/content under attack at the OHS server, virtual host, or directory configuration scope.\n\n3. If the \"\", \"\", or \"\" directive serving the application/content under attack does not contain the appropriate \"Order\", \"Deny\", and \"Allow\" directives to prohibit access, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor.\n\n2. Search for the \"\", \"\", or \"\" directive serving the application/content under attack at the OHS server, virtual host, or directory configuration scope.\n\n3. Set the \"Order\" directive to \"allow,deny\", add the directive if it does not exist.\n\n4. Comment out any \"Allow\" directives to prohibit access to the application/content under attack if it exists.\n\n5. Set \"Deny\" directives to \"from all\" to prohibit access to the application/content under attack, add the directive if it does not exist.\n\n6. Issue a \"nmSoftRestart(serverName='componentName',serverType='OHS') from the WLST shell prompt."},{"id":"9167ead9-928f-402c-bea1-fd93deb971dc","vulnId":"V-221302","severity":"medium","ruleTitle":"Non-privileged accounts on the hosting system must only access OHS security-relevant information and functions through a distinct administrative account.","description":"By separating web server security functions from non-privileged users, roles can be developed that can then be used to administer the web server. Forcing users to change from a non-privileged account to a privileged account when operating on the web server or on security-relevant information forces users to only operate as a web server administrator when necessary. Operating in this manner allows for better logging of changes and better forensic information and limits accidental changes to the web server.","checkContent":"1. Check that sudo is properly configured for the account owning the OHS software.\n\n2. If accounts other than the account that owns the OHS software can access the OHS software, this is a finding.","fixText":"1. Configure sudo such that only the account that owns the OHS software can access it from the hosting system."},{"id":"40285880-b124-4924-b0f8-da79ca9b45cb","vulnId":"V-221303","severity":"medium","ruleTitle":"OHS must have the client requests logging module loaded to generate log records for system startup and shutdown, system access, and system authentication logging.","description":"Log records can be generated from various components within the web server (e.g., httpd, plug-ins to external backends, etc.). From a web server perspective, certain specific web server functionalities may be logged as well. The web server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the web server must be able to facilitate these changes.\n\nThe minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events. If these events are not logged at a minimum, any type of forensic investigation would be missing pertinent information needed to replay what occurred.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule log_config_module\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted, this is a finding.\n\n4. Validate that the file specified exist. If the file does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule log_config_module\" directive at the OHS server configuration scope.\n\n3. Set the \"LoadModule log_config_module\" directive to \"\"${PRODUCT_HOME}/modules/mod_log_config.so\"\", add the directive if it does not exist."},{"id":"68a0955b-a27b-40da-ae1a-1dfb71020e81","vulnId":"V-221304","severity":"medium","ruleTitle":"OHS must have OraLogMode set to Oracle Diagnostic Logging text mode to generate log records for system startup and shutdown, system access, and system authentication logging.","description":"Log records can be generated from various components within the web server (e.g., httpd, plug-ins to external backends, etc.). From a web server perspective, certain specific web server functionalities may be logged as well. The web server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the web server must be able to facilitate these changes.\n\nThe minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events. If these events are not logged at a minimum, any type of forensic investigation would be missing pertinent information needed to replay what occurred.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogMode\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or is not set to \"odl-text\", this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogMode\" directive at the OHS server configuration scope.\n\n3. Set the \"OraLogMode\" directive to \"odl-text\", add the directive if it does not exist."},{"id":"fb5bf656-c5e4-4e9c-8e6b-0fcbd08ffcfd","vulnId":"V-221305","severity":"medium","ruleTitle":"OHS must have a log directory location defined to generate log records for system startup and shutdown, system access, and system authentication logging.","description":"Log records can be generated from various components within the web server (e.g., httpd, plug-ins to external backends, etc.). From a web server perspective, certain specific web server functionalities may be logged as well. The web server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the web server must be able to facilitate these changes.\n\nThe minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events. If these events are not logged at a minimum, any type of forensic investigation would be missing pertinent information needed to replay what occurred.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogDir\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted, this is a finding.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogDir\" directive at the OHS server configuration scope.\n\n3. Set the \"OraLogDir\" directive to an appropriate, protected location on a partition with sufficient space that is different from the partition on which the OHS software is installed; add the directive if it does not exist."},{"id":"5318c317-7533-4690-8981-8ed941b487d1","vulnId":"V-221306","severity":"medium","ruleTitle":"OHS must have a log level severity defined to generate adequate log records for system startup and shutdown, system access, and system authentication events.","description":"Log records can be generated from various components within the web server (e.g., httpd, plug-ins to external backends, etc.). From a web server perspective, certain specific web server functionalities may be logged as well. The web server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the web server must be able to facilitate these changes.\n\nThe minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events. If these events are not logged at a minimum, any type of forensic investigation would be missing pertinent information needed to replay what occurred.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogSeverity\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or is not set to \"NOTIFICATION:32\", this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogSeverity\" directive at the OHS server configuration scope.\n\n3. Set the \"OraLogSeverity\" directive to \"NOTIFICATION:32\", add the directive if it does not exist."},{"id":"ae387f73-64ff-4224-89bd-c0be140d3a2c","vulnId":"V-221307","severity":"medium","ruleTitle":"OHS must have the log rotation parameter set to allow for the generation log records for system startup and shutdown, system access, and system authentication events.","description":"Log records can be generated from various components within the web server (e.g., httpd, plug-ins to external backends, etc.). From a web server perspective, certain specific web server functionalities may be logged as well. The web server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the web server must be able to facilitate these changes.\n\nThe minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events. If these events are not logged at a minimum, any type of forensic investigation would be missing pertinent information needed to replay what occurred.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogRotationParams\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or set improperly, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogRotationParams\" directive at the OHS server configuration scope.\n\n3. As required, set the \"OraLogRotationParams\" directive to satisfy the NIST 800-92 logging requirements, add the directive if it does not exist."},{"id":"a5633792-cc7e-44f3-a6a2-4c882e44a773","vulnId":"V-221308","severity":"medium","ruleTitle":"OHS must have a log format defined to generate adequate logs by system startup and shutdown, system access, and system authentication events.","description":"Log records can be generated from various components within the web server (e.g., httpd, plug-ins to external backends, etc.). From a web server perspective, certain specific web server functionalities may be logged as well. The web server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the web server must be able to facilitate these changes.\n\nThe minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events. If these events are not logged at a minimum, any type of forensic investigation would be missing pertinent information needed to replay what occurred.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"246b4422-b3ec-437f-8401-67a8a3a180ce","vulnId":"V-221309","severity":"medium","ruleTitle":"OHS must have a SSL log format defined to generate adequate logs by system startup and shutdown, system access, and system authentication events.","description":"Log records can be generated from various components within the web server (e.g., httpd, plug-ins to external backends, etc.). From a web server perspective, certain specific web server functionalities may be logged as well. The web server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the web server must be able to facilitate these changes.\n\nThe minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events. If these events are not logged at a minimum, any type of forensic investigation would be missing pertinent information needed to replay what occurred.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"e1b2daea-bf2e-4238-bf49-7969c74ca3ea","vulnId":"V-221310","severity":"medium","ruleTitle":"OHS must have a log file defined for each site/virtual host to capture logs generated by system startup and shutdown, system access, and system authentication events.","description":"Log records can be generated from various components within the web server (e.g., httpd, plug-ins to external backends, etc.). From a web server perspective, certain specific web server functionalities may be logged as well. The web server must allow the definition of what events are to be logged. As conditions change, the number and types of events to be logged may change, and the web server must be able to facilitate these changes.\n\nThe minimum list of logged events should be those pertaining to system startup and shutdown, system access, and system authentication events. If these events are not logged at a minimum, any type of forensic investigation would be missing pertinent information needed to replay what occurred.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"fad1a3f1-bc25-4a04-a815-b1f0a6793efc","vulnId":"V-221312","severity":"medium","ruleTitle":"OHS must have a log level severity defined to produce sufficient log records to establish what type of events occurred.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct type of event that occurred is important during forensic analysis. The correct determination of the event and when it occurred is important in relation to other events that happened at that same time. \n\nWithout sufficient information establishing what type of log event occurred, investigation into the cause of event is severely hindered. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application-specific events, success/fail indications, file names involved, access control, or flow control rules invoked.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogSeverity\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted or is not set to \"NOTIFICATION:32\", this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogSeverity\" directive at the OHS server configuration scope.\n\n3. Set the \"OraLogSeverity\" directive to \"NOTIFICATION:32\", add the directive if it does not exist."},{"id":"681e6bc8-76c5-4fce-b294-4b10cb2ccf25","vulnId":"V-221313","severity":"medium","ruleTitle":"OHS must have a log format defined for log records generated to capture sufficient information to establish what type of events occurred.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct type of event that occurred is important during forensic analysis. The correct determination of the event and when it occurred is important in relation to other events that happened at that same time. \n\nWithout sufficient information establishing what type of log event occurred, investigation into the cause of event is severely hindered. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application-specific events, success/fail indications, file names involved, access control, or flow control rules invoked.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"cd7b2cad-6086-4085-a57c-188b25940769","vulnId":"V-221314","severity":"medium","ruleTitle":"OHS must have a SSL log format defined for log records generated to capture sufficient information to establish what type of events occurred.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct type of event that occurred is important during forensic analysis. The correct determination of the event and when it occurred is important in relation to other events that happened at that same time. \n\nWithout sufficient information establishing what type of log event occurred, investigation into the cause of event is severely hindered. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application-specific events, success/fail indications, file names involved, access control, or flow control rules invoked.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"c7fc113e-84ec-4fd9-a1ed-119bc8a62313","vulnId":"V-221315","severity":"medium","ruleTitle":"OHS must have a log file defined for each site/virtual host to capture sufficient information to establish what type of events occurred.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct type of event that occurred is important during forensic analysis. The correct determination of the event and when it occurred is important in relation to other events that happened at that same time. \n\nWithout sufficient information establishing what type of log event occurred, investigation into the cause of event is severely hindered. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application-specific events, success/fail indications, file names involved, access control, or flow control rules invoked.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"cc11a65d-f094-43b1-b25e-8fbf9d9ab640","vulnId":"V-221316","severity":"medium","ruleTitle":"OHS must have a log format defined for log records generated to capture sufficient information to establish when an event occurred.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct order of the events that occurred is important during forensic analysis. Events that appear harmless by themselves might be flagged as a potential threat when properly viewed in sequence. By also establishing the event date and time, an event can be properly viewed with an enterprise tool to fully see a possible threat in its entirety.\n\nWithout sufficient information establishing when the log event occurred, investigation into the cause of event is severely hindered. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application-specific events, success/fail indications, file names involved, access control, or flow control rules invoked.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"de508588-df39-4e3c-b155-ee52ff058d5d","vulnId":"V-221317","severity":"medium","ruleTitle":"OHS must have a SSL log format defined for log records generated to capture sufficient information to establish when an event occurred.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct order of the events that occurred is important during forensic analysis. Events that appear harmless by themselves might be flagged as a potential threat when properly viewed in sequence. By also establishing the event date and time, an event can be properly viewed with an enterprise tool to fully see a possible threat in its entirety.\n\nWithout sufficient information establishing when the log event occurred, investigation into the cause of event is severely hindered. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application-specific events, success/fail indications, file names involved, access control, or flow control rules invoked.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"d6dbcdd7-f837-48e3-9a9d-95ffbb93d5de","vulnId":"V-221318","severity":"medium","ruleTitle":"OHS must have a log file defined for each site/virtual host to capture logs generated that allow the establishment of when an event occurred.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct order of the events that occurred is important during forensic analysis. Events that appear harmless by themselves might be flagged as a potential threat when properly viewed in sequence. By also establishing the event date and time, an event can be properly viewed with an enterprise tool to fully see a possible threat in its entirety.\n\nWithout sufficient information establishing when the log event occurred, investigation into the cause of event is severely hindered. Log record content that may be necessary to satisfy the requirement of this control includes, but is not limited to, time stamps, source and destination IP addresses, user/process identifiers, event descriptions, application-specific events, success/fail indications, file names involved, access control, or flow control rules invoked.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"6f19e370-0a75-44b4-8b6b-2ca72290eb49","vulnId":"V-221319","severity":"medium","ruleTitle":"OHS must have a log format defined for log records that allow the establishment of where within OHS the events occurred.","description":"$27","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"5eafc96f-c062-4b9c-a910-6bf69cd8d7e6","vulnId":"V-221320","severity":"medium","ruleTitle":"OHS must have a SSL log format defined for log records that allow the establishment of where within OHS the events occurred.","description":"$28","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"f1413edb-f2f2-43e6-ab3e-a6fb77718c0e","vulnId":"V-221321","severity":"medium","ruleTitle":"OHS must have a log file defined for each site/virtual host to capture logs generated that allow the establishment of where within OHS the events occurred.","description":"$29","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"eaf82391-e7b5-4800-bbb7-eee3859afc55","vulnId":"V-221322","severity":"medium","ruleTitle":"OHS must have a log format defined for log records that allow the establishment of the source of events.","description":"$2a","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"b670c8e9-15ac-4e5f-a38c-0870f82751e0","vulnId":"V-221323","severity":"medium","ruleTitle":"OHS must have a SSL log format defined for log records that allow the establishment of the source of events.","description":"$2b","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"95cd4170-b230-46ee-a6b5-bfc15e8b14d7","vulnId":"V-221324","severity":"medium","ruleTitle":"OHS must have a log file defined for each site/virtual host to capture logs generated that allow the establishment of the source of events.","description":"$2c","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"03a2a679-54d8-4edb-b649-e3d5c8ecd288","vulnId":"V-221325","severity":"medium","ruleTitle":"OHS, behind a load balancer or proxy server, must produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct source, e.g., source IP, of the events is important during forensic analysis. Correctly determining the source of events will add information to the overall reconstruction of the logable event. By determining the source of the event correctly, analysis of the enterprise can be undertaken to determine if events tied to the source occurred in other areas within the enterprise.\n\nA web server behind a load balancer or proxy server, when not configured correctly, will record the load balancer or proxy server as the source of every logable event. When looking at the information forensically, this information is not helpful in the investigation of events. The web server must record with each event the client source of the event.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"44c89636-bf83-4f6c-bf0d-5d47685e7eb7","vulnId":"V-221326","severity":"medium","ruleTitle":"OHS, behind a load balancer or proxy server, must have the SSL log format set correctly to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct source, e.g., source IP, of the events is important during forensic analysis. Correctly determining the source of events will add information to the overall reconstruction of the logable event. By determining the source of the event correctly, analysis of the enterprise can be undertaken to determine if events tied to the source occurred in other areas within the enterprise.\n\nA web server behind a load balancer or proxy server, when not configured correctly, will record the load balancer or proxy server as the source of every logable event. When looking at the information forensically, this information is not helpful in the investigation of events. The web server must record with each event the client source of the event.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"8b691fe3-886a-4e10-b726-598bb1a866a3","vulnId":"V-221327","severity":"medium","ruleTitle":"OHS, behind a load balancer or proxy server, must have a log file defined for each site/virtual host to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. \n\nAscertaining the correct source, e.g., source IP, of the events is important during forensic analysis. Correctly determining the source of events will add information to the overall reconstruction of the logable event. By determining the source of the event correctly, analysis of the enterprise can be undertaken to determine if events tied to the source occurred in other areas within the enterprise.\n\nA web server behind a load balancer or proxy server, when not configured correctly, will record the load balancer or proxy server as the source of every logable event. When looking at the information forensically, this information is not helpful in the investigation of events. The web server must record with each event the client source of the event.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"b1b09bce-3509-42a1-b61a-dfec3fe828a5","vulnId":"V-221328","severity":"medium","ruleTitle":"OHS must have a log format defined to produce log records that contain sufficient information to establish the outcome (success or failure) of events.","description":"$2d","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"6d86bcfc-2b6f-4972-a019-60acfca6255d","vulnId":"V-221329","severity":"medium","ruleTitle":"OHS must have a SSL log format defined to produce log records that contain sufficient information to establish the outcome (success or failure) of events.","description":"$2e","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"88e48bcc-164b-45de-a52a-b643130e111a","vulnId":"V-221330","severity":"medium","ruleTitle":"OHS must have a log file defined for each site/virtual host to produce log records that contain sufficient information to establish the outcome (success or failure) of events.","description":"$2f","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"498947cf-bf83-47be-8c2d-c8a81b380332","vulnId":"V-221331","severity":"medium","ruleTitle":"OHS must have a log format defined to produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined.\n\nDetermining user accounts, processes running on behalf of the user, and running process identifiers also enable a better understanding of the overall event. User tool identification is also helpful to determine if events are related to overall user access or specific client tools.\n\nLog record content that may be necessary to satisfy the requirement of this control includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i\" dod\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"1b2009fc-d605-44f4-8d7a-cfd8f018bbab","vulnId":"V-221332","severity":"medium","ruleTitle":"OHS must have a SSL log format defined to produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined.\n\nDetermining user accounts, processes running on behalf of the user, and running process identifiers also enable a better understanding of the overall event. User tool identification is also helpful to determine if events are related to overall user access or specific client tools.\n\nLog record content that may be necessary to satisfy the requirement of this control includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked.","checkContent":"1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"LogFormat\" directive with a nickname of \"dod_ssl\" at the OHS server and virtual host configuration scopes.\n\n3. Set the \"LogFormat\" directive to \"\"%h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-Agent}i\\\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"fd2469a5-2962-4dbc-b43a-7fdb981c779d","vulnId":"V-221333","severity":"medium","ruleTitle":"OHS must have a log file defined for each site/virtual host to produce log records containing sufficient information to establish the identity of any user/subject or process associated with an event.","description":"Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined.\n\nDetermining user accounts, processes running on behalf of the user, and running process identifiers also enable a better understanding of the overall event. User tool identification is also helpful to determine if events are related to overall user access or specific client tools.\n\nLog record content that may be necessary to satisfy the requirement of this control includes: time stamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope."},{"id":"7f3914aa-a59a-4e88-b121-d735477a3e91","vulnId":"V-221334","severity":"medium","ruleTitle":"OHS log files must only be accessible by privileged users.","description":"Log data is essential in the investigation of events. If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity would be difficult, if not impossible, to achieve. In addition, access to log records provides information an attacker could potentially use to their advantage since each event record might contain communication ports, protocols, services, trust relationships, user names, etc.\n\nThe web server must protect the log data from unauthorized read, write, copy, etc. This can be done by the web server if the web server is also doing the logging function. The web server may also use an external log system. In either case, the logs must be protected from access by non-privileged users.","checkContent":"1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory.\n\n2. Execute the command: find . -name *.log \n\n3. Verify that each log file that was returned has the owner and group set to the user and group used to run the web server. The user and group are typically set to Oracle.\n\n4. Verify that each log file that was returned has the permissions on the log file set to \"640\" or more restrictive.\n\nIf the owner, group or permissions are set incorrectly on any of the log files, this is a finding.","fixText":"1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory.\n\n2. Execute the command: find . -name *.log\n \n3. Set the owner and group to the user and group used to run the web server. The user and group are typically set to Oracle.\n\n4. Set the permissions on all the log files returned to \"640\"."},{"id":"e7abd1dd-b7db-471f-a78b-aadeec55f625","vulnId":"V-221335","severity":"medium","ruleTitle":"The log information from OHS must be protected from unauthorized modification.","description":"Log data is essential in the investigation of events. The accuracy of the information is always pertinent. Information that is not accurate does not help in the revealing of potential security risks and may hinder the early discovery of a system compromise. One of the first steps an attacker will undertake is the modification or deletion of log records to cover his tracks and prolong discovery.\n\nThe web server must protect the log data from unauthorized modification. This can be done by the web server if the web server is also doing the logging function. The web server may also use an external log system. In either case, the logs must be protected from modification by non-privileged users.","checkContent":"1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory.\n\n2. Execute the command: find . -name *.log \n\n3. Verify that each log file that was returned has the owner and group set to the user and group used to run the web server. The user and group are typically set to Oracle.\n\n4. Verify that each log file that was returned has the permissions on the log file set to \"640\" or more restrictive.\n\nIf the owner, group or permissions are set incorrectly on any of the log files, this is a finding.","fixText":"1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory.\n\n2. Execute the command: find . -name *.log \n\n3. Set the owner and group to the user and group used to run the web server. The user and group are typically set to Oracle.\n\n4. Set the permissions on all the log files returned to \"640\"."},{"id":"c1c052e3-aa4f-4c30-94bb-285bda482668","vulnId":"V-221336","severity":"medium","ruleTitle":"The log information from OHS must be protected from unauthorized deletion.","description":"Log data is essential in the investigation of events. The accuracy of the information is always pertinent. Information that is not accurate does not help in the revealing of potential security risks and may hinder the early discovery of a system compromise. One of the first steps an attacker will undertake is the modification or deletion of audit records to cover his tracks and prolong discovery.\n\nThe web server must protect the log data from unauthorized deletion. This can be done by the web server if the web server is also doing the logging function. The web server may also use an external log system. In either case, the logs must be protected from deletion by non-privileged users.","checkContent":"1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory.\n\n2. Execute the command: find . -name *.log \n\n3. Verify that each log file that was returned has the owner and group set to the user and group used to run the web server. The user and group are typically set to Oracle.\n\n4. Verify that each log file that was returned has the permissions on the log file set to \"640\" or more restrictive.\n\nIf the owner, group or permissions are set incorrectly on any of the log files, this is a finding.","fixText":"1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory.\n\n2. Execute the command: find . -name *.log \n\n3. Set the owner and group to the user and group used to run the web server. The user and group are typically set to Oracle.\n\n4. Set the permissions on all the log files returned to \"640\"."},{"id":"fd83abb5-4efd-4af3-a319-dcc576e466c3","vulnId":"V-221337","severity":"medium","ruleTitle":"The log data and records from OHS must be backed up onto a different system or media.","description":"Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up log records to an unrelated system or onto separate media than the system the web server is actually running on helps to assure that, in the event of a catastrophic system failure, the log records will be retained.","checkContent":"1. Verify that the System Administrator backs up the files located in the $DOMAIN_HOME/servers//logs directory.\n\n2. If the files located in the $DOMAIN_HOME/servers//logs directory, this is a finding.","fixText":"Have the System Administrator back up the files located in the $DOMAIN_HOME/servers//logs directory."},{"id":"72829010-5f8b-40ab-8c8e-5d92df73e0e1","vulnId":"V-221338","severity":"medium","ruleTitle":"OHS must be configured to store error log files to an appropriate storage device from which other tools can be configured to reference those log files for diagnostic/forensic purposes.","description":"A web server will typically utilize logging mechanisms for maintaining a historical log of activity that occurs within a hosted application. This information can then be used for diagnostic purposes, forensics purposes, or other purposes relevant to ensuring the availability and integrity of the hosted application.\n\nWhile it is important to log events identified as being critical and relevant to security, it is equally important to notify the appropriate personnel in a timely manner so they are able to respond to events as they occur. \n\nManual review of the web server logs may not occur in a timely manner, and each event logged is open to interpretation by a reviewer. By integrating the web server into an overall or organization-wide log review, a larger picture of events can be viewed, and analysis can be done in a timely and reliable manner.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogDir\" directive at the OHS server configuration scope.\n\n3. If the directive is omitted, this is a finding.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"OraLogDir\" directive at the OHS server configuration scope.\n\n3. Set the \"OraLogDir\" directive to an appropriate, protected location on a partition with sufficient space that is different from the partition on which the OHS software is installed; add the directive if it does not exist."},{"id":"90c4f814-c3fb-4ca2-b523-1146ff1ed945","vulnId":"V-221339","severity":"medium","ruleTitle":"OHS must be configured to store access log files to an appropriate storage device from which other tools can be configured to reference those log files for diagnostic/forensic purposes.","description":"A web server will typically utilize logging mechanisms for maintaining a historical log of activity that occurs within a hosted application. This information can then be used for diagnostic purposes, forensics purposes, or other purposes relevant to ensuring the availability and integrity of the hosted application.\n\nWhile it is important to log events identified as being critical and relevant to security, it is equally important to notify the appropriate personnel in a timely manner so they are able to respond to events as they occur. \n\nManual review of the web server logs may not occur in a timely manner, and each event logged is open to interpretation by a reviewer. By integrating the web server into an overall or organization-wide log review, a larger picture of events can be viewed, and analysis can be done in a timely and reliable manner.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.\n\n4. Validate that the folder specified exists. If the folder does not exist, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"CustomLog\" directive at the OHS server and virtual host configuration scopes.\n\n3a. If the virtual host is NOT configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod\", add the directive if it does not exist unless inherited from a larger scope and reference a location where other tools can access the log files for diagnostic/forensic purposes.\n3b. If the virtual host is configured for SSL, set the \"CustomLog\" directive to \"\"||${PRODUCT_HOME}/bin/odl_rotatelogs 43200\" dod_ssl\", add the directive if it does not exist unless inherited from a larger scope and reference a location where other tools can access the log files for diagnostic/forensic purposes."},{"id":"acc27257-1855-4493-bf4a-342a8d3f4ad7","vulnId":"V-221340","severity":"medium","ruleTitle":"OHS must have the LoadModule file_cache_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule file_cache_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule file_cache_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule file_cache_module\" directive if it exists."},{"id":"958f836e-1d6d-4fba-b11a-7771c1c3167a","vulnId":"V-221341","severity":"low","ruleTitle":"OHS must have the LoadModule vhost_alias_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule vhost_alias_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule vhost_alias_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule vhost_alias_module\" directive if it exists."},{"id":"eff3ab1d-777a-44de-87a1-f4272cc91214","vulnId":"V-221342","severity":"medium","ruleTitle":"OHS must have the LoadModule env_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule env_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule env_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule env_module\" directive if it exists."},{"id":"37f45f50-db1b-4cc2-b105-d5bb720c492f","vulnId":"V-221343","severity":"low","ruleTitle":"OHS must have the LoadModule mime_magic_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule mime_magic_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule mime_magic_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule mime_magic_module\" directive if it exists."},{"id":"c72bdedf-6fb5-4b26-a210-d011e3daefd2","vulnId":"V-221344","severity":"low","ruleTitle":"OHS must have the LoadModule negotiation_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule negotiation_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule negotiation_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule negotiation_module\" directive if it exists."},{"id":"3340a8c7-400a-46c9-bcf2-cec47df73256","vulnId":"V-221345","severity":"low","ruleTitle":"OHS must not have the LanguagePriority directive enabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"LanguagePriority\" directive.\n\n2. Search for the \"LanguagePriority\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"LanguagePriority\" directive.\n\n2. Search for the \"LanguagePriority\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"LanguagePriority\" directive if it exists."},{"id":"bb61cc03-a27e-46ca-bdeb-bb81762ede50","vulnId":"V-221346","severity":"low","ruleTitle":"OHS must not have the ForceLanguagePriority directive enabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"ForceLanguagePriority\" directive.\n\n2. Search for the \"ForceLanguagePriority\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"ForceLanguagePriority\" directive.\n\n2. Search for the \"ForceLanguagePriority\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"ForceLanguagePriority\" directive if it exists."},{"id":"71a91855-59f4-4cc9-af6b-671a51d79645","vulnId":"V-221347","severity":"medium","ruleTitle":"OHS must have the LoadModule status_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule status_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule status_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule status_module\" directive if it exists."},{"id":"74d51021-13aa-48cb-b31a-4965541b32c1","vulnId":"V-221348","severity":"medium","ruleTitle":"OHS must have the LoadModule info_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule info_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule info_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule info_module\" directive if it exists."},{"id":"d7cef721-56dd-4403-b096-58e69e091a2a","vulnId":"V-221349","severity":"medium","ruleTitle":"OHS must have the LoadModule include_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule include_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule include_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule include_module\" directive if it exists."},{"id":"c29ae108-836c-4514-b118-89c6e13971e9","vulnId":"V-221350","severity":"medium","ruleTitle":"OHS must have the LoadModule autoindex_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule autoindex_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule autoindex_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule autoindex_module\" directive if it exists."},{"id":"854df81c-5588-4686-a820-cf45312edaa8","vulnId":"V-221351","severity":"medium","ruleTitle":"OHS must have the IndexOptions directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"IndexOptions\" directive.\n\n2. Search for the \"IndexOptions\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"IndexOptions\" directive.\n\n2. Search for the \"IndexOptions\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"IndexOptions\" directive if it exists."},{"id":"42149ccd-4047-47e1-b7bc-85627cfe226f","vulnId":"V-221352","severity":"medium","ruleTitle":"OHS must have the AddIconByEncoding directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"AddIconByEncoding\" directive.\n\n2. Search for an \"AddIconByEncoding\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"AddIconByEncoding\" directive.\n\n2. Search for an \"AddIconByEncoding\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"AddIconByEncoding\" directive if it exists."},{"id":"6b519017-5fb0-4aa3-a180-a9cf3767a334","vulnId":"V-221353","severity":"medium","ruleTitle":"OHS must have the AddIconByType directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"AddIconByType\" directive.\n\n2. Search for an \"AddIconByType\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"AddIconByType\" directive.\n\n2. Search for an \"AddIconByType\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"AddIconByType\" directive if it exists."},{"id":"622fe571-18af-498c-b87c-c04a8caf7c45","vulnId":"V-221354","severity":"medium","ruleTitle":"OHS must have the AddIcon directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"AddIcon\" directive.\n\n2. Search for an \"AddIcon\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"AddIcon\" directive.\n\n2. Search for an \"AddIcon\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"AddIcon\" directive if it exists."},{"id":"ec43c265-92a6-4211-89b4-a16fe2f09f98","vulnId":"V-221355","severity":"medium","ruleTitle":"OHS must have the DefaultIcon directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"DefaultIcon\" directive.\n\n2. Search for a \"DefaultIcon\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"DefaultIcon\" directive.\n\n2. Search for a \"DefaultIcon\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"DefaultIcon\" directive if it exists."},{"id":"8580c4fc-da6a-4915-a897-45fc195e80c9","vulnId":"V-221356","severity":"medium","ruleTitle":"OHS must have the ReadmeName directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system.\n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"ReadmeName\" directive.\n\n2. Search for a \"ReadmeName\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"ReadmeName\" directive.\n\n2. Search for a \"ReadmeName\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"ReadmeName\" directive if it exists."},{"id":"1eef5013-3d81-48bb-a1a0-7ebb2e0f778e","vulnId":"V-221357","severity":"medium","ruleTitle":"OHS must have the HeaderName directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"HeaderName\" directive.\n\n2. Search for a \"HeaderName\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"HeaderName\" directive.\n\n2. Search for a \"HeaderName\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"HeaderName\" directive if it exists."},{"id":"184e7632-2c5f-46f9-ba8a-0fc0fdbe9775","vulnId":"V-221358","severity":"medium","ruleTitle":"OHS must have the IndexIgnore directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"IndexIgnore\" directive.\n\n2. Search for an \"IndexIgnore\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an \"IndexIgnore\" directive.\n\n2. Search for an \"IndexIgnore\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"IndexIgnore\" directive if it exists."},{"id":"ab89e0fd-07b6-43e2-9cdc-a2502112ec9b","vulnId":"V-221359","severity":"low","ruleTitle":"OHS must have the LoadModule dir_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system.\n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule dir_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule dir_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule dir_module\" directive if it exists."},{"id":"db8530fd-2bc4-4191-b915-9ec4d88dc0ee","vulnId":"V-221360","severity":"low","ruleTitle":"OHS must have the DirectoryIndex directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system.\n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"DirectoryIndex\" directive.\n\n2. Search for the \"DirectoryIndex\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. If the directive and any surrounding \"\" directive exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"DirectoryIndex\" directive.\n\n2. Search for the \"DirectoryIndex\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"DirectoryIndex\" directive and any surrounding \"\" directive if they exist."},{"id":"1a6be5bc-5eda-44f5-8f9d-0a8a474c6083","vulnId":"V-221361","severity":"medium","ruleTitle":"OHS must have the LoadModule cgi_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule cgi_module\" directive within the \"\" directive at the OHS server configuration scope.\n\n3. If the directive and its surrounding \"\" directive exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule cgi_module\" directive within the \"\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule cgi_module\" directive and surrounding \"\" directives if they exist."},{"id":"f0135e48-1d84-4fab-af1c-5612df97202f","vulnId":"V-221362","severity":"medium","ruleTitle":"OHS must have the LoadModule fastcgi_module disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule fastcgi_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule fastcgi_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule fastcgi_module\" directive if it exists."},{"id":"f4397d18-9c4f-4a5f-bb36-1c26fd834221","vulnId":"V-221363","severity":"medium","ruleTitle":"OHS must have the LoadModule cgid_module directive disabled for mpm workers.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule cgid_module\" directive within the \"\" directive at the OHS server configuration scope.\n\n3. If the directive and its surrounding \"\" directive exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule cgid_module\" directive within the \"\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule cgid_module\" directive and surrounding \"\" directives if they exist."},{"id":"fed88042-2c92-4ce2-a80c-23095b03db85","vulnId":"V-221364","severity":"low","ruleTitle":"OHS must have the IfModule cgid_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"\" directive at the OHS server, virtual host, and directory configuration scope.\n\n3. If the directive and any directives that it may contain exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a \"\" directive.\n\n2. Search for the \"\" directive at the OHS server, virtual host, and directory configuration scopes.\n\n3. Comment out the \"\" directive and any directives it may contain."},{"id":"132876d6-02c8-4e14-a61b-89e1c28641f7","vulnId":"V-221365","severity":"low","ruleTitle":"OHS must have the LoadModule mpm_winnt_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule cgi_module\" directive within the \"\" directive at the OHS server configuration scope.\n\n3. If the directive and its surrounding \"\" directive exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule cgi_module\" directive within the \"\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule cgi_module\" directive and surrounding \"\" directives if they exist."},{"id":"1682a5e8-00b3-45e6-9171-49024a8002df","vulnId":"V-221366","severity":"medium","ruleTitle":"OHS must have the ScriptAlias directive for CGI scripts disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for a \"ScriptAlias /cgi-bin/\" directive within a \"\" directive at the OHS server configuration scope.\n\n3. If the directive and its surrounding \"\" directive exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for a \"ScriptAlias /cgi-bin/\" directive within a \"\" directive at the OHS server configuration scope.\n\n3. Comment out the \"ScriptAlias /cgi-bin/\" directive and its surrounding \"\" directive if they exist."},{"id":"9bc3d551-1b49-4e96-bfcc-c6a21cc540ab","vulnId":"V-221367","severity":"medium","ruleTitle":"OHS must have the ScriptSock directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for a \"ScriptSock\" directive within a \"\" directive at the OHS server configuration scope. Note: “ScriptSock” may appear as “Scriptsock” within the httpd.conf file.\n\n3. If the directive and its surrounding \"\" directive exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for a \"ScriptSock\" directive within a \"\" directive at the OHS server configuration scope. Note: “ScriptSock” may appear as “Scriptsock” within the httpd.conf file.\n\n3. Comment out the \"ScriptSock\" directive and its surrounding \"\" directive if they exist."},{"id":"944a27a3-3c48-4330-8bc8-b6e73bee915f","vulnId":"V-221368","severity":"medium","ruleTitle":"OHS must have the cgi-bin directory disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and $DOMAIN_HOME/config/fmwconfig/components/OHS//ssl.conf with an editor.\n\n2. Search for a \"\" directive at the OHS server and virtual host configuration scopes.\n\n3. If the directive and any directives that it contains exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and $DOMAIN_HOME/config/fmwconfig/components/OHS//ssl.conf with an editor.\n\n2. Search for a \"\" directive at the OHS server and virtual host configuration scopes.\n\n3. Comment out the \"\" directive and any directives it contains if they exist."},{"id":"f2a9607b-0480-4ec5-965e-b1723c762c69","vulnId":"V-221369","severity":"medium","ruleTitle":"OHS must have directives pertaining to certain scripting languages removed from virtual hosts.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//ssl.conf with an editor.\n\n2. Search for a \"\" directive at the virtual host configuration scope.\n\n3. If the directive and any directives that it contains exist and are not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//ssl.conf with an editor.\n\n2. Search for a \"\" directive at the OHS server configuration scope.\n\n3. Comment out the \"\" directive and any directives it contains if they exist."},{"id":"7a7f2052-af5f-4a90-8f73-11130ad6ae2d","vulnId":"V-221370","severity":"low","ruleTitle":"OHS must have the LoadModule asis_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule asis_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule asis_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule asis_module\" directive if it exists."},{"id":"2f5f7125-3557-4257-a3e9-48bb387b7f19","vulnId":"V-221371","severity":"low","ruleTitle":"OHS must have the LoadModule imagemap_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule imagemap_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule imagemap_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule imagemap_module\" directive if it exists."},{"id":"7170915b-c927-4c17-b3c7-4eb1e6c2d871","vulnId":"V-221372","severity":"medium","ruleTitle":"OHS must have the LoadModule actions_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule actions_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule actions_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule actions_module\" directive if it exists."},{"id":"a5640c89-d073-46b7-af6c-40137830af83","vulnId":"V-221373","severity":"low","ruleTitle":"OHS must have the LoadModule speling_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule speling_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule speling_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule speling_module\" directive if it exists."},{"id":"73400d0e-81ea-4177-9fcb-3cc7983f51c2","vulnId":"V-221374","severity":"medium","ruleTitle":"OHS must have the LoadModule userdir_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule userdir_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule userdir_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule userdir_module\" directive if it exists."},{"id":"2239672d-1eaf-49e9-af78-fd5c2fce83c4","vulnId":"V-221375","severity":"medium","ruleTitle":"OHS must have the AliasMatch directive pertaining to the OHS manuals disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for a \"AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ \"${PRODUCT_HOME}/manual$1\"\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for an \"AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ \"${PRODUCT_HOME}/manual$1\"\" directive at the OHS server configuration scope.\n\n3. Comment out the \"AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ \"${PRODUCT_HOME}/manual$1\"\" directive if it exists."},{"id":"9afe4a9d-c020-4ad3-9d6f-efbc9d037225","vulnId":"V-221376","severity":"medium","ruleTitle":"OHS must have the Directory directive pointing to the OHS manuals disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for a \"\" directive at the OHS server configuration scope.\n\n3. If the directive and the directives it contains exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for a \"\" directive at the OHS server configuration scope.\n\n3. Comment out the \"\" directive and any directives it contains if they exist."},{"id":"254ab1e8-3b60-4376-9a61-fbc5ebd83353","vulnId":"V-221377","severity":"medium","ruleTitle":"OHS must have the LoadModule auth_basic_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule auth_basic_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule auth_basic_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule auth_basic_module\" directive if it exists."},{"id":"9719568d-5ea4-49c1-a843-29319aec38d6","vulnId":"V-221378","severity":"medium","ruleTitle":"OHS must have the LoadModule authz_user_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance. This module provides authorization capabilities so authenticated users can be allowed or denied access to portions of the web site. This requirement is meant to disable an unneeded service; it is not intended to restrict the use of authorization when data access restrictions specify the use of authorization. Refer to the system security plan to determine if authorization is required based on data access requirements.","checkContent":"If the AO approved system security plan for web server configuration specifies using the OHS authz_user_module in order to meet application architecture requirements, this requirement can be marked NA.\n\n1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule authz_user_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule authz_user_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule authz_user_module\" directive if it exists."},{"id":"65611fc3-8ff4-4ff7-992b-436c7bacbd62","vulnId":"V-221379","severity":"medium","ruleTitle":"OHS must have the LoadModule authn_file_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule authn_file_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule authn_file_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule authn_file_module\" directive if it exists."},{"id":"f7e62846-600e-4f84-9cbe-1916c9004dcd","vulnId":"V-221380","severity":"medium","ruleTitle":"OHS must have the LoadModule authn_anon_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule authn_anon_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule authn_anon_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule authn_anon_module\" directive if it exists."},{"id":"37d717f1-b02c-4676-8d0f-d815dbe51b07","vulnId":"V-221381","severity":"medium","ruleTitle":"OHS must have the LoadModule proxy_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"If the AO-approved system security plan for web server configuration specifies using the proxy_module directive in order to meet application architecture requirements and authentication is enforced, this requirement is NA.\n\n1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule proxy_module\" directive if it exists."},{"id":"7c856953-39b5-4942-bc97-b1c31c3997d8","vulnId":"V-221382","severity":"medium","ruleTitle":"OHS must have the LoadModule proxy_http_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance. The proxy_http_module requires the service of mod_proxy. It provides the features used for proxying HTTP and HTTPS requests. If proxy services are required, the proxy configuration must be approved by the AO.","checkContent":"If the AO approved system security plan for the web server configuration specifies using the proxy_http_module directive in order to meet application architecture requirements and authentication is enforced, this requirement is NA.\n\n1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_http_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_http_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule proxy_http_module\" directive if it exists."},{"id":"eb405a4e-537b-4d24-82ad-25993f25bb39","vulnId":"V-221383","severity":"medium","ruleTitle":"OHS must have the LoadModule proxy_ftp_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_ftp_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_ftp_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule proxy_ftp_module\" directive if it exists."},{"id":"cd1ee667-ff82-48f6-b5ea-4bcd3876e188","vulnId":"V-221384","severity":"medium","ruleTitle":"OHS must have the LoadModule proxy_connect_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_connect_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_connect_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule proxy_connnect_module\" directive if it exists."},{"id":"695ea3e0-fc3c-482f-b091-bf1153ece91d","vulnId":"V-221385","severity":"medium","ruleTitle":"OHS must have the LoadModule proxy_balancer_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_balancer_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule proxy_balancer_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule proxy_balancer_module\" directive if it exists."},{"id":"32ca392a-1af0-42d1-a563-aa04ba94937d","vulnId":"V-221386","severity":"low","ruleTitle":"OHS must have the LoadModule cern_meta_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule cern_meta_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule cern_meta_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule cern_meta_module\" directive if it exists."},{"id":"58e761b0-de89-40ee-83a9-4fea43ff0a62","vulnId":"V-221387","severity":"low","ruleTitle":"OHS must have the LoadModule expires_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule expires_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule expires_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule expires_module\" directive if it exists."},{"id":"bfb28e69-0e02-42d5-91fa-73fdb76434f9","vulnId":"V-221388","severity":"low","ruleTitle":"OHS must have the LoadModule usertrack_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule usertrack_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule usertrack_module\" directive at the OHS server configuration scope.\n\n3. Comment out the \"LoadModule usertrack_module\" directive if it exists."},{"id":"3354f064-f8ca-42be-8e9e-3893395f7ac3","vulnId":"V-221389","severity":"low","ruleTitle":"OHS must have the LoadModule uniqueid_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n2. Search for the \"LoadModule unique_id_module\" directive at the OHS server configuration scope.\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n2. Search for the \"LoadModule unique_id_module\" directive at the OHS server configuration scope.\n3. Comment out the \"LoadModule unique_id_module\" directive if it exists."},{"id":"2ad6c321-372e-484e-8fc8-6bf020f3ecb7","vulnId":"V-221390","severity":"medium","ruleTitle":"OHS must have the LoadModule setenvif_module directive disabled.","description":"A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. \n\nThe web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.","checkContent":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.\n\n2. Search for the \"LoadModule setenvif_module\" directive at the OHS server configuration scope.\n\n3. If the directive exists and is not commented out, this is a finding.","fixText":"1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/

Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

Checks (280)