II - Mission Support Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516-WSR-000174
Group -
OHS must deny all access by default when considering whether to serve a file.
Part of securing OHS is allowing/denying access to the web server. Deciding on the manor the allow/deny rules are evaluated can turn what was once an allowable access into being blocked if the eva...Rule Medium Severity -
SRG-APP-000516-WSR-000174
Group -
The OHS instance installation must not contain an .htaccess file.
.htaccess files are used to override settings in the OHS configuration files. The placement of the .htaccess file is also important as the settings will affect the directory where the file is loca...Rule Medium Severity -
SRG-APP-000516-WSR-000174
Group -
The OHS instance configuration must not reference directories that contain an .htaccess file.
.htaccess files are used to override settings in the OHS configuration files. The placement of the .htaccess file is also important as the settings will affect the directory where the file is loca...Rule Medium Severity -
SRG-APP-000516-WSR-000174
Group -
OHS must have the HostnameLookups directive enabled.
Setting the "HostnameLookups" to "On" allows for more information to be logged in the event of an attack and subsequent investigation. This information can be added to other information gathered t...Rule Low Severity -
SRG-APP-000516-WSR-000174
Group -
OHS must have the ServerAdmin directive set properly.
Making sure that information is given to the system administrator in a timely fashion is important. This information can be system status, warnings that may need attention before system failure or...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.