Skip to content

OHS must have the ScriptSock directive disabled.

An XCCDF Rule

Description

A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. The web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance.

ID
SV-221367r879587_rule
Version
OH12-1X-000120
Severity
Medium
References
Updated

Remediation Templates

A Manual Procedure

1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor.

2. Search for a "ScriptSock" directive within a "<IfModule cgid_module>" directive at the OHS server configuration scope.  Note: “ScriptSock” may appear as “Scriptsock” within the httpd.conf file.

3. Comment out the "ScriptSock" directive and its surrounding "<IfModule cgid_module>" directive if they exist.