I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
OHS administration must be performed over a secure path or at the local console.
<VulnDiscussion>Logging into a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a majo...Rule High Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
OHS must not contain any robots.txt files.
<VulnDiscussion>Search engines are constantly at work on the Internet. Search engines are augmented by agents, often referred to as spiders ...Rule Medium Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
OHS must prohibit anonymous FTP user access to interactive scripts.
<VulnDiscussion>The directories containing the CGI scripts, such as PERL, must not be accessible to anonymous users via FTP. This applies to ...Rule Medium Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
The OHS DocumentRoot directory must be in a separate partition from the OHS ServerRoot directory.
<VulnDiscussion>Application partitioning enables an additional security measure by securing user traffic under one security context, while ma...Rule Medium Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
The OHS DocumentRoot directory must be on a separate partition from OS root partition.
<VulnDiscussion>Application partitioning enables an additional security measure by securing user traffic under one security context, while ma...Rule Medium Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
Remote authors or content providers must have all files scanned for viruses and malicious code before uploading files to the Document Root directory.
<VulnDiscussion>Remote web authors should not be able to upload files to the DocumentRoot directory structure without virus checking and chec...Rule Medium Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
A public OHS server must use TLS if authentication is required to host web sites.
<VulnDiscussion>Transport Layer Security (TLS) is optional for a public web server. However, if authentication is being performed, then the ...Rule Medium Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
OHS hosted web sites must utilize ports, protocols, and services according to PPSM guidelines.
<VulnDiscussion>Failure to comply with DoD ports, protocols, and services (PPS) requirements can result in compromise of enclave boundary pro...Rule Low Severity -
SRG-APP-000516-WSR-000174
<GroupDescription></GroupDescription>Group -
OHS must not have the directive PlsqlDatabasePassword set in clear text.
<VulnDiscussion>OHS supports the use of the module mod_plsql, which allows applications to be hosted that are PL/SQL-based. To access the da...Rule High Severity -
SRG-APP-000141-WSR-000075
<GroupDescription></GroupDescription>Group -
If WebLogic is not in use with OHS, OHS must have the include mod_wl_ohs.conf directive disabled at the server level.
<VulnDiscussion>A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to r...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.