Remove Write Permissions From Filesystem Paths And Server Scripts

An XCCDF Rule

Description

Configure permissions on the filesystem path of each Alias, ScriptAlias, and ScriptAliasMatch directive that exists.

$ sudo find DIR -type d -exec chmod 755 {} \;
$ sudo find DIR -type f -exec chmod 555 {} \;
Where DIR matches the paths from Alias, ScriptAlias, and ScriptAliasMatch.
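
A read-only audit to run before or after the chmod commands above. It is an added example, not part of the rule or the project's own content. The function names are hypothetical, paths are assumed to contain no spaces, and a ScriptAliasMatch target is cut at its first `$N` backreference.

```shell
#!/bin/sh
# Added example: audit (read-only) counterpart to the chmod commands above.
# Function names are hypothetical; paths are assumed to contain no spaces.

# Print the filesystem target of every Alias, ScriptAlias and
# ScriptAliasMatch directive found in the given httpd config files.
alias_paths() {
    awk 'tolower($1) ~ /^(alias|scriptalias|scriptaliasmatch)$/ && NF >= 2 {
        p = $NF
        gsub(/"/, "", p)       # drop surrounding quotes
        sub(/\$.*/, "", p)     # ScriptAliasMatch: cut at first $N backreference
        sub(/\/+$/, "", p)     # normalise trailing slashes
        if (p == "") p = "/"
        print p
    }' "$@" | sort -u
}

# List entries under DIR that deviate from the rule's modes:
# directories must be exactly 755, regular files exactly 555.
audit_dir() {
    find "$1" \( -type d ! -perm 755 -o -type f ! -perm 555 \) -print
}

# Audit every aliased path; return 1 if any is missing or noncompliant.
audit_conf() {
    status=0
    for dir in $(alias_paths "$@"); do
        if [ ! -e "$dir" ]; then
            echo "MISSING      $dir"
            status=1
            continue
        fi
        bad=$(audit_dir "$dir")
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/NONCOMPLIANT /'
            status=1
        fi
    done
    return "$status"
}

# Run only when config files are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_conf "$@"
fi
```

Pass the httpd configuration files as arguments; each NONCOMPLIANT line names a file or directory whose mode differs from the 555/755 values the rule sets.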

Rationale

Excessive permissions for the anonymous web user account are one of the most common faults contributing to the compromise of a web server. If this user is able to upload and execute files on the web server, the organization or owner of the server will no longer have control of the asset.

ID
xccdf_org.ssgproject.content_rule_httpd_configure_script_permissions
Severity
High