|Finding ID||Version||Rule ID||IA Controls||Severity|
|Determining a safe state for failure and weighing that against a potential denial of service for users depends on what type of application the web server is hosting. For an application presenting publicly available information that is not critical, a safe state for failure might be to shut down for any type of failure, but for an application that presents critical and timely information, a shutdown might not be the best state for all failures. Performing a proper risk analysis of the hosted applications and configuring the web server according to what actions to take for each failure condition will provide a known fail safe state for the web server. Satisfies: SRG-APP-000225-WSR-000140, SRG-APP-000225-WSR-000074|
|Apache Server 2.4 UNIX Server Security Technical Implementation Guide||2022-12-14|
|Check Text ( C-15468r277022_chk )|
| Interview the System Administrator for the Apache 2.4 web server. |
Ask for documentation on the disaster recovery methods tested and planned for the Apache 2.4 web server in the event of the necessity for rollback.
If documentation for a disaster recovery has not been established, this is a finding.
|Fix Text (F-15466r277023_fix)|
| Prepare documentation for disaster recovery methods for the Apache 2.4 web server in the event of the necessity for rollback. |
Document and test the disaster recovery methods designed.