The score board file must be properly secured.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-26322 | WA00535 A22 | SV-33223r2_rule | - | medium |
| Description |
| The ScoreBoardFile directive sets a file path which the server will use for Inter-Process Communication (IPC) among the Apache processes. If the directive is specified, Apache uses the configured file for the inter-process communication, so the file needs to be located in a secure directory. If the ScoreBoardFile is placed in a writable directory, other accounts could create a denial of service attack and prevent the server from starting by creating a file with the same name, and/or users could monitor and disrupt the communication between the processes by reading and writing to the file. |
| STIG | Date |
| APACHE 2.2 Server for UNIX Security Technical Implementation Guide | 2019-01-07 |
Details
Check Text (C-33223r2_chk)
To determine the location of the file, enter the following command:
find / -name ScoreBoard
To view the permissions on the file, enter the following command:
ls -lL /path/of/ScoreBoard
If the permissions on the file are not set to 644, or are configured to be less restrictive, this is a finding.
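The check above, written as a script (an added example, not part of the STIG): it reads the ScoreBoardFile path from a configuration file rather than searching for a fixed name, then tests the file against 644 and its directory for group or other write access. It assumes GNU stat and an absolute path; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not STIG text. Assumes GNU stat and an absolute ScoreBoardFile
# path (a relative one has to be resolved against ServerRoot first).

# Print the ScoreBoardFile value from config file $1 (last uncommented occurrence).
scoreboard_path() {
    awk 'tolower($1) == "scoreboardfile" { p = $2 }
         END { gsub(/"/, "", p); if (p != "") print p }' "$1"
}

# Succeed if octal mode $1 has any bit of octal mask $2 set.
has_bits() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# Audit config file $1: return 1 on a finding, 0 otherwise.
audit_scoreboard() {
    sb=$(scoreboard_path "$1")
    if [ -z "$sb" ]; then
        echo "OK: no ScoreBoardFile directive in $1"
        return 0
    fi
    rc=0
    dir=$(dirname "$sb")
    # Mask 022: group/other write on the directory lets another account
    # pre-create a file with the scoreboard's name.
    if has_bits "$(stat -c %a "$dir")" 022; then
        echo "FINDING: $dir is writable by group or other"
        rc=1
    fi
    # The file exists only while the server is running.
    if [ -e "$sb" ]; then
        # Mask 7133: every permission bit that mode 644 does not grant.
        if has_bits "$(stat -c %a "$sb")" 7133; then
            echo "FINDING: $sb is less restrictive than 644"
            rc=1
        fi
    else
        echo "NOTE: $sb not present (server not running?)"
    fi
    return $rc
}

# Stand-alone use: sh this_script /path/to/httpd.conf
if [ "$#" -gt 0 ]; then
    audit_scoreboard "$1"
fi
```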
Fix Text (F-29415r1_fix)
The scoreboard file is created when the server starts and is deleted when it shuts down; set the permissions during the creation of the file.