Installation of a compiler on production web server must be prohibited.
An XCCDF Rule
Description
<VulnDiscussion>The presence of a compiler on a production server facilitates the malicious user’s task of creating custom versions of programs and installing Trojan Horses or viruses. For example, the attacker’s code can be uploaded and compiled on the server under attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>Web Administrator</Responsibility><IAControls></IAControls>
- ID
- SV-33061r3_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
Remove any compiler found on the production web server. If the compiler is needed to patch the product in a production environment, document the compiler installation with the ISSO/ISSM and ensure that the compiler is restricted to only administrative users.