All interactive programs must be placed in a designated directory with appropriate permissions.

An XCCDF Rule

Description

<VulnDiscussion>Directory options directives are directives that can be applied to further restrict access to file and directories. The Options directive controls which server features are available in a particular directory. The ExecCGI option controls the execution of CGI scripts using mod_cgi. This needs to be restricted to only the directory intended for script execution.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>Web Administrator</Responsibility><IAControls></IAControls>

ID: SV-32763r2_rule
Severity: Medium
Updated: about 1 year ago

Locate any cgi-bin files and directories enabled in the Apache configuration via Script, ScriptAlias or other Script* directives.

Remove the printenv default CGI in cgi-bin directory if it is installed. 

rm $APACHE_PREFIX/cgi-bin/printenv. 
Remove the test-cgi file from the cgi-bin directory if it is installed. 

rm $APACHE_PREFIX/cgi-bin/test-cgi. 

Review and remove any other cgi-bin files which are not needed for business purposes.

All interactive programs must be placed in a designated directory with appropriate permissions.

Description

Remediation - Manual Procedure