OHS must have the LoadModule authn_file_module directive disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-221379 | OH12-1X-000132 | SV-221379r879587_rule | Medium |
| Description |
|---|
| A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DoD system. The web server must provide the capability to disable, uninstall, or deactivate functionality and services that are deemed to be non-essential to the web server mission or can adversely impact server performance. |
| STIG | Date |
|---|---|
| Oracle HTTP Server 12.1.3 Security Technical Implementation Guide | 2022-12-09 |
Details
| Check Text ( C-23094r414820_chk ) |
|---|
| 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "LoadModule authn_file_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding. |
| Fix Text (F-23083r414821_fix) |
|---|
| 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/ 2. Search for the "LoadModule authn_file_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule authn_file_module" directive if it exists. |