Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the RewriteLogLevel directive set to the proper log level.

    &lt;VulnDiscussion&gt;Logging must not contain sensitive information or more information necessary than that needed to administer the system. The ...
    Rule Low Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • OHS must have the RewriteLog directive set properly.

    &lt;VulnDiscussion&gt;Specifying where the log files are written gives the system administrator the capability to store the files in a location oth...
    Rule Low Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • All accounts installed with the web server software and tools must have passwords assigned and default passwords changed.

    &lt;VulnDiscussion&gt;During installation of the web server software, accounts are created for the web server to operate properly. The accounts ins...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • A production OHS Installation must prohibit the installation of a compiler.

    &lt;VulnDiscussion&gt;The presence of a compiler on a production server facilitates the malicious user’s task of creating custom versions of progra...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • A public OHS installation, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.

    &lt;VulnDiscussion&gt;To minimize exposure of private assets to unnecessary risk by attackers, public web servers must be isolated from internal sy...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • A private OHS installation must be located on a separate controlled access subnet.

    &lt;VulnDiscussion&gt;Private web servers, which host sites that serve controlled access data, must be protected from outside threats in addition t...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • The version of the OHS installation must be vendor-supported.

    &lt;VulnDiscussion&gt;Many vulnerabilities are associated with older versions of software. As hot fixes and patches are issued, these solutions ar...
    Rule High Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • OHS must be certified with accompanying Fusion Middleware products.

    &lt;VulnDiscussion&gt;OHS is capable of being used with other Oracle products. For the products to work properly and not introduce vulnerabilities...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • OHS tools must be restricted to the web manager and the web managers designees.

    &lt;VulnDiscussion&gt;All automated information systems are at risk of data loss due to disaster or compromise. Failure to provide adequate protect...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • All utility programs, not necessary for operations, must be removed or disabled.

    &lt;VulnDiscussion&gt;Just as running unneeded services and protocols is a danger to the web server at the lower levels of the OSI model, running u...
    Rule Low Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules