1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ohs.plugins.nodemanager.properties file with an editor. 2. Search for the "mpm" property. 3. If the "mpm" property is omitted or commented out, this is a finding. 4. If the "mpm" property is not set to "worker", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ohs.plugins.nodemanager.properties with an editor. 2. Set the "mpm" property to a value of "worker", add the property if it does not exist.
1. Open the $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf file with an editor. 2. Search for the "<IfModule mpm_prefork_module>" directive at the OHS server configuration scope. 3. If this directive is found and not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "<IfModule mpm_prefork_module>" directive at the OHS server configuration scope. 3. Comment out the "<IfModule mpm_prefork_module>" directive and any directives that it contains.
1. Open the $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf file with an editor. 2. Search for the "MaxClients" directive within "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. If "MaxClients" is omitted or set greater than "2000", this is a finding. Note: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value. If the site has this documentation, this should be marked as not a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "MaxClients" directive within "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. Within the "<IfModule mpm_worker_module>" directive, set the "MaxClients" directive to "2000" or less, add the directive if it does not exist. Note: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value.
1. Open the $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf file with an editor. 2. Search for the "ThreadsPerChild" directive within "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. If "ThreadsPerChild" is omitted or set greater than "25", this is a finding. 4. Search for the "ThreadLimit" directive within "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 5. If "ThreadLimit" is omitted or set greater than "64", this is a finding. Note: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value. If the site has this documentation, this should be marked as not a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "ThreadsPerChild" directive within "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. Within the "<IfModule mpm_worker_module>" directive, set the "ThreadsPerChild" directive to "25", add the directive if it does not exist. 4. Search for the "ThreadLimit" directive within "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 5. Within the "<IfModule mpm_worker_module>" directive, set the "ThreadLimit" directive to "64", add the directive if it does not exist. Note: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value.
1. Open the $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf file with an editor. 2. Search for the "ServerLimit" directive within "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. If "ServerLimit" is omitted or set greater than the maximum of "16" and the calculation of "MaxClients"/"ThreadsPerChild", this is a finding. Note: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value. If the site has this documentation, this should be marked as not a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "ServerLimit" directive within "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. Within the "<IfModule mpm_worker_module>" directive, set the "ServerLimit" directive to the maximum of "16" and the calculation of "MaxClients"/"ThreadsPerChild" immediately before the "MaxClients" directive, add the directive if it does not exist. Note: This vulnerability can be documented locally with the ISSM/ISSO if the site has operational reasons for the use of a higher value.
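The worker MPM checks above (prefork block, "MaxClients", "ThreadsPerChild", "ThreadLimit", "ServerLimit") can be evaluated together against the text of httpd.conf. The following Python script is an added example, not part of the STIG or of Oracle's tooling; the function names and sample configurations are constructed for illustration, and rounding "MaxClients"/"ThreadsPerChild" up to a whole number is an assumption.

```python
import math
import re

# Limits taken from the check text above.
LIMITS = (("MaxClients", 2000), ("ThreadsPerChild", 25), ("ThreadLimit", 64))
SERVER_LIMIT_FLOOR = 16

OPEN = re.compile(r"^<([A-Za-z]+)\b([^>]*)>$")
CLOSE = re.compile(r"^</([A-Za-z]+)\s*>$")


def parse_mpm_blocks(conf_text):
    """Return {module: {directive: value}} for uncommented <IfModule mpm_*>
    blocks at server scope (not nested in any other container)."""
    blocks, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives do not count
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        opened = OPEN.match(line)
        if opened:
            name = opened.group(1).lower()
            arg = opened.group(2).strip().lower()
            is_mpm = not stack and name == "ifmodule" and arg.startswith("mpm_")
            stack.append(arg if is_mpm else None)
            if is_mpm:
                blocks.setdefault(arg, {})
            continue
        if len(stack) == 1 and stack[0]:
            parts = line.split(None, 1)
            if len(parts) == 2:
                # A later occurrence overrides an earlier one.
                blocks[stack[0]][parts[0].lower()] = parts[1].strip()
    return blocks


def server_limit_ceiling(max_clients, threads_per_child):
    """Maximum of 16 and MaxClients/ThreadsPerChild (rounded up: assumption)."""
    return max(SERVER_LIMIT_FLOOR, math.ceil(max_clients / threads_per_child))


def audit_worker_mpm(conf_text):
    """Return a list of finding strings; an empty list means no finding."""
    findings = []
    blocks = parse_mpm_blocks(conf_text)
    if "mpm_prefork_module" in blocks:
        findings.append("<IfModule mpm_prefork_module> is present and not commented out")
    worker = blocks.get("mpm_worker_module", {})
    values = {}
    for name, limit in LIMITS:
        raw = worker.get(name.lower())
        if raw is None or not raw.isdigit():
            findings.append(f"{name} is omitted or not numeric")
            continue
        values[name] = int(raw)
        if values[name] > limit:
            findings.append(f"{name} {values[name]} exceeds {limit}")
    raw = worker.get("serverlimit")
    if raw is None or not raw.isdigit():
        findings.append("ServerLimit is omitted or not numeric")
    elif "MaxClients" in values and values.get("ThreadsPerChild"):
        ceiling = server_limit_ceiling(values["MaxClients"], values["ThreadsPerChild"])
        if int(raw) > ceiling:
            findings.append(f"ServerLimit {raw} exceeds {ceiling}")
    return findings


# Constructed sample configurations (not taken from a real server).
COMPLIANT_CONF = """
<IfModule mpm_worker_module>
    StartServers     2
    ThreadLimit      64
    ThreadsPerChild  25
    ServerLimit      80
    MaxClients       2000
</IfModule>
"""

NONCOMPLIANT_CONF = """
<IfModule mpm_prefork_module>
    MaxClients 256
</IfModule>
<IfModule mpm_worker_module>
    #ThreadLimit     64
    ThreadsPerChild  50
    ServerLimit      64
    MaxClients       3000
</IfModule>
"""

if __name__ == "__main__":
    for label, conf in (("compliant", COMPLIANT_CONF), ("noncompliant", NONCOMPLIANT_CONF)):
        print(label, audit_worker_mpm(conf))
```

A site with a higher value documented with the ISSM/ISSO would treat the corresponding finding string as accepted rather than change the limits in the script.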
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule ossl_module" directive at the OHS server configuration scope. 3. If the directive is omitted, this is a finding. 4. Validate that the file specified exists. If the file does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule ossl_module" directive at the OHS server configuration scope. 3. Set the "LoadModule ossl_module" directive to ""${PRODUCT_HOME}/modules/mod_ossl.so"", add the directive if it does not exist.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for the "SSLFIPS" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "On", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for the "SSLFIPS" directive at the OHS server configuration scope. 3. Set the "SSLFIPS" directive to "On", add the directive if it does not exist.
1. As required, open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that requires an SSL-enabled "<VirtualHost>" directive. Note: Does not apply to admin.conf. 2. Search for the following directives at the OHS server, virtual host, and/or directory configuration scopes: "SSLEngine", "SSLProtocol", "SSLWallet". 3. If any of these directives are omitted, this is a finding. 4. If "SSLEngine" is not set to "On", or "SSLProtocol" is not set to "TLSv1.2", this is a finding. 5. Validate that the folder specified in the "SSLWallet" directive exists. If the folder does not exist or does not contain a valid wallet, this is a finding.
1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that requires an SSL-enabled "<VirtualHost>" directive. Note: Does not apply to admin.conf. 2a. Search for the "SSLEngine" directive at the OHS server, virtual host, and/or directory configuration scopes. 2b. Set the "SSLEngine" directive to "On"; add the directive if it does not exist. 3a. Search for the "SSLProtocol" directive at the OHS server configuration, virtual host, and/or directory levels. 3b. Set the "SSLProtocol" directive to "TLSv1.2"; add the directive if it does not exist. 4a. Search for the "SSLWallet" directive at the OHS server configuration, virtual host, and/or directory levels. 4b. Set the "SSLWallet" directive to the location (i.e., folder within $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/<componentName>/keystores) of the Oracle wallet created via orapki with AES Encryption (-compat_v12 parameters) that contains only the identity certificate for the host and DoD Certificate Authorities, add the directive if it does not exist.
1. As required, open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that requires an SSL-enabled "<VirtualHost>" directive. Note: Does not apply to admin.conf. 2. Search for the "SSLCipherSuite" directive at the OHS server, virtual host, and/or directory configuration scopes. 3. If the directive is omitted or set improperly, this is a finding.
1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that requires an SSL-enabled "<VirtualHost>" directive. Note: Does not apply to admin.conf. 2. Search for the "SSLCipherSuite" directive at the OHS server, virtual host, and/or directory configuration scopes. 3. Set the "SSLCipherSuite" directive to "SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,RSA_WITH_AES_128_CBC_SHA256,RSA_WITH_AES_256_CBC_SHA256,RSA_WITH_AES_128_GCM_SHA256,RSA_WITH_AES_256_GCM_SHA384,ECDHE_ECDSA_WITH_AES_128_CBC_SHA,ECDHE_ECDSA_WITH_AES_256_CBC_SHA,ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,ECDHE_RSA_WITH_AES_128_CBC_SHA,ECDHE_RSA_WITH_AES_256_CBC_SHA", add the directive if it does not exist. Note: Ciphers may be added or removed from the list above per the organization's requirements or if vulnerabilities are found with a specific cipher.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule ossl_module" directive at the OHS server configuration scope. 3. If the directive is omitted, this is a finding. 4. Validate that the file specified exists. If the file does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule ossl_module" directive at the OHS server configuration scope. 3. Set the "LoadModule ossl_module" directive to ""${PRODUCT_HOME}/modules/mod_ossl.so"", add the directive if it does not exist.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for the "SSLFIPS" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "On", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for the "SSLFIPS" directive at the OHS server configuration scope. 3. Set the "SSLFIPS" directive to "On", add the directive if it does not exist.
1. As required, open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that requires an SSL-enabled "<VirtualHost>" directive. Note: Does not apply to admin.conf. 2. Search for the following directives at the OHS server, virtual host, and/or directory configuration scopes: "SSLEngine", "SSLProtocol", "SSLWallet". 3. If any of these directives are omitted, this is a finding. 4. If "SSLEngine" is not set to "On", or "SSLProtocol" is not set to "TLSv1.2", this is a finding. 5. Validate that the folder specified in the "SSLWallet" directive exists. If the folder does not exist or does not contain a valid wallet, this is a finding.
1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that requires an SSL-enabled "<VirtualHost>" directive. Note: Does not apply to admin.conf. 2a. Search for the "SSLEngine" directive at the OHS server, virtual host, and/or directory configuration scopes. 2b. Set the "SSLEngine" directive to "On"; add the directive if it does not exist. 3a. Search for the "SSLProtocol" directive at the OHS server configuration, virtual host, and/or directory levels. 3b. Set the "SSLProtocol" directive to "TLSv1.2"; add the directive if it does not exist. 4a. Search for the "SSLWallet" directive at the OHS server configuration, virtual host, and/or directory levels. 4b. Set the "SSLWallet" directive to the location (i.e., folder within $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/<componentName>/keystores) of the Oracle wallet created via orapki with AES Encryption (-compat_v12 parameters) that contains only the identity certificate for the host and DoD Certificate Authorities, add the directive if it does not exist.
1. As required, open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that requires an SSL-enabled "<VirtualHost>" directive. 2. Search for the "SSLCipherSuite" directive at the OHS server, virtual host, and/or directory configuration scopes. 3. If the directive is omitted or set improperly, this is a finding.
1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that requires an SSL-enabled "<VirtualHost>" directive. 2. Search for the "SSLCipherSuite" directive at the OHS server, virtual host, and/or directory configuration scopes. 3. Set the "SSLCipherSuite" directive to "SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_AES_256_CBC_SHA,RSA_WITH_AES_128_CBC_SHA256,RSA_WITH_AES_256_CBC_SHA256,RSA_WITH_AES_128_GCM_SHA256,RSA_WITH_AES_256_GCM_SHA384,ECDHE_ECDSA_WITH_AES_128_CBC_SHA,ECDHE_ECDSA_WITH_AES_256_CBC_SHA,ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,ECDHE_RSA_WITH_AES_128_CBC_SHA,ECDHE_RSA_WITH_AES_256_CBC_SHA", add the directive if it does not exist. Note: Ciphers may be removed from the list above per the organization's requirements or if vulnerabilities are found with a specific cipher.
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL: 1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that contains an SSL-enabled "<VirtualHost>" directive. 2. Search for the "SecureProxy" directive within an "<IfModule weblogic_module>" at the virtual host configuration scope. 3. If the directive is omitted or is not set to "On", this is a finding.
1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that contains an SSL-enabled "<VirtualHost>" directive. 2. Search for the "SecureProxy" directive within an "<IfModule weblogic_module>" at the virtual host configuration scope. 3. Set the "SecureProxy" directive to "On", add the directive if it does not exist.
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL: 1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that contains an SSL-enabled "<VirtualHost>" directive. 2. Search for the "WLSSLWallet" directive within an "<IfModule weblogic_module>" at the virtual host configuration scope. 3. If the directive is omitted or is not set to a folder containing a valid wallet, this is a finding.
1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that contains an SSL-enabled "<VirtualHost>" directive. 2. Search for the "WLSSLWallet" directive within an "<IfModule weblogic_module>" at the virtual host configuration scope. 3. Set the "WLSSLWallet" directive to the location (i.e., folder within $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/<componentName>/keystores) of the Oracle wallet created via orapki with AES Encryption (-compat_v12 parameters) that contains the certificate chain served by the WebLogic host/port combination, add the directive if it does not exist.
If using the WebLogic Web Server Proxy Plugin and configuring end-to-end SSL: 1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that contains an SSL-enabled "<VirtualHost>" directive. 2. Search for the "WebLogicSSLVersion" directive within an "<IfModule weblogic_module>" at the virtual host configuration scope. 3. If the directive is omitted or is not set to "TLSv1.2", this is a finding.
1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that contains an SSL-enabled "<VirtualHost>" directive. 2. Search for the "WebLogicSSLVersion" directive within an "<IfModule weblogic_module>" at the virtual host configuration scope. 3. Set the "WebLogicSSLVersion" directive to "TLSv1_2", add the directive if it does not exist.
If using the WebLogic Web Server Proxy Plugin and configuring SSL termination at OHS: 1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that contains an SSL-enabled "<VirtualHost>" directive. 2. Search for the "WLProxySSL" directive within an "<IfModule weblogic_module>" at the virtual host configuration scope. 3. If the directive is omitted or is not set to "On", this is a finding.
1. Open every .conf file (e.g., ssl.conf) included in $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor that contains an SSL-enabled "<VirtualHost>" directive. 2. Search for the "WLProxySSL" directive within an "<IfModule weblogic_module>" at the virtual host configuration scope. 3. Set the "WLProxySSL" directive to "On", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule log_config_module" directive at the OHS server configuration scope. 3. If the directive is omitted, this is a finding. 4. Validate that the file specified exists. If the file does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule log_config_module" directive at the OHS server configuration scope. 3. Set the "LoadModule log_config_module" directive to ""${PRODUCT_HOME}/modules/mod_log_config.so"", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogMode" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "odl-text", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogMode" directive at the OHS server configuration scope. 3. Set the "OraLogMode" directive to "odl-text", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogDir" directive at the OHS server configuration scope. 3. If the directive is omitted, this is a finding. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogDir" directive at the OHS server configuration scope. 3. Set the "OraLogDir" directive to an appropriate, protected location on a partition with sufficient space that is different from the partition on which the OHS software is installed; add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogSeverity" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "NOTIFICATION:32", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogSeverity" directive at the OHS server configuration scope. 3. Set the "OraLogSeverity" directive to "NOTIFICATION:32", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogRotationParams" directive at the OHS server configuration scope. 3. If the directive is omitted or set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogRotationParams" directive at the OHS server configuration scope. 3. As required, set the "OraLogRotationParams" directive to satisfy the NIST 800-92 logging requirements, add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
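Once the "dod_ssl" format above is in use, the "sslprot:" and "ciph:" fields let access logs be reviewed for connections that did not negotiate TLSv1.2. The following Python parser is an added example, not part of the STIG or of Oracle's tooling; the function names and log lines are constructed, and it assumes the server writes the protocol as "TLSv1.2" and escapes embedded quotes as \" in quoted fields.

```python
import re

# Mirrors the "dod_ssl" LogFormat field by field. Quoted fields accept
# backslash-escaped quotes; ecid and xfor are matched lazily because an
# X-Forwarded-For chain contains ", " separators.
DOD_SSL = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)" '
    r'ecid:(?P<ecid>.*?) xfor:(?P<xfor>.*?) '
    r'sslprot:(?P<sslprot>\S+) ciph:(?P<ciph>\S+)$'
)


def parse_dod_ssl(line):
    """Return the fields of one dod_ssl log line as a dict, or None."""
    match = DOD_SSL.match(line.rstrip("\n"))
    return match.groupdict() if match else None


def effective_client(entry):
    """Left-most X-Forwarded-For address if present, else the connecting host.
    The header is client-supplied, so treat it as a hint unless a trusted
    proxy in front of OHS sets it."""
    xfor = entry["xfor"]
    if xfor in ("", "-"):
        return entry["host"]
    return xfor.split(",")[0].strip()


def review_dod_ssl(lines, required="TLSv1.2"):
    """Return (line_number, client, reason) for every line that is either
    unparseable or logged a protocol other than the required one."""
    flagged = []
    for number, line in enumerate(lines, 1):
        entry = parse_dod_ssl(line)
        if entry is None:
            flagged.append((number, None, "unparseable"))
        elif entry["sslprot"] != required:
            flagged.append((number, effective_client(entry),
                            "sslprot=" + entry["sslprot"]))
    return flagged


# Constructed sample log lines (documentation address ranges, made-up ECIDs).
SAMPLE_LOG = r'''
192.0.2.10 - - [12/Mar/2024:10:15:32 +0000] "GET /app/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" ecid:constructed-ecid-0001 xfor:- sslprot:TLSv1.2 ciph:ECDHE-RSA-AES128-GCM-SHA256
192.0.2.20 - alice [12/Mar/2024:10:16:01 +0000] "POST /app/login HTTP/1.1" 302 - "https://www.example.mil/app/" "curl/8.0" ecid:constructed-ecid-0002 xfor:198.51.100.7, 203.0.113.9 sslprot:TLSv1 ciph:AES256-SHA
192.0.2.44 - - [12/Mar/2024:10:16:09 +0000] "GET / HTTP/1.1" 400 226 "-" "Agent \"quoted\" 1.0" ecid:constructed-ecid-0003 xfor:- sslprot:- ciph:-
this line does not follow the format
'''.strip().splitlines()

if __name__ == "__main__":
    for finding in review_dod_ssl(SAMPLE_LOG):
        print(finding)
```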
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Review the directives (e.g., "<VirtualHost>", "<Directory>", and "<Location>") at the OHS server and virtual host configuration scopes. 3. If these directives do not contain the appropriate access protection via secure authentication, SSL-associated directives, or "Order", "Deny", and "Allow" directives to secure access or prohibit access from nonsecure zones, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Review the directives (e.g., "<VirtualHost>", "<Directory>", and "<Location>") at the OHS server and virtual host configuration scopes. 3. Configure the web server to require secure authentication as required, use SSL, and/or restrict access from nonsecure zones via "Order", "Deny", and "Allow" directives. Note: A product such as Oracle Access Manager may facilitate satisfying these requirements.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Directory>" directive at the OHS server and virtual host configuration scopes. Note: This check does not apply to the root directory, i.e. the <Directory /> directive. 3. If the "<Directory>" directive does not contain the appropriate "Order", "Deny", and "Allow" directives to prohibit access from nonsecure zones, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Directory>" directive at the OHS server and virtual host configuration scopes. Note: This fix does not apply to the root directory, i.e. the <Directory /> directive. 3. Set the "Order" directive to "allow,deny", add the directive if it does not exist. 4. Set "Allow" directives to "from all" or to an IP range (e.g., "from 123.123"), add the directives if they do not exist. 5. Set "Deny" directives to an IP range (e.g., "from 123.123") to specify nonsecure zones, add the directives if they do not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Files>" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the "<Files>" directive does not contain the appropriate "Order", "Deny", and "Allow" directives to prohibit access from nonsecure zones, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Files>" directive at the OHS server, virtual host, and directory configuration scopes. 3. Set the "Order" directive to "allow,deny", add the directive if it does not exist. 4. Set "Allow" directives to "from all" or to an IP range (e.g., "from 123.123"), add the directives if they do not exist. 5. Set "Deny" directives to an IP range (e.g., "from 123.123") to specify nonsecure zones, add the directives if they do not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Location>" directive at the OHS server and virtual host configuration scopes. 3. If the "<Location>" directive does not contain the appropriate "Order", "Deny", and "Allow" directives to prohibit access from nonsecure zones, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Location>" directive at the OHS server and virtual host configuration scopes. 3. Set the "Order" directive to "allow,deny", add the directive if it does not exist. 4. Set "Allow" directives to "from all" or to an IP range (e.g., "from 123.123"), add the directives if they do not exist. 5. Set "Deny" directives to an IP range (e.g., "from 123.123") to specify nonsecure zones, add the directives if they do not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Directory>", "<Files>", or "<Location>" directive serving the application/content under attack at the OHS server, virtual host, or directory configuration scope. 3. If the "<Directory>", "<Files>", or "<Location>" directive serving the application/content under attack does not contain the appropriate "Order", "Deny", and "Allow" directives to prohibit access, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Directory>", "<Files>", or "<Location>" directive serving the application/content under attack at the OHS server, virtual host, or directory configuration scope. 3. Set the "Order" directive to "allow,deny", add the directive if it does not exist. 4. Comment out any "Allow" directives to prohibit access to the application/content under attack if it exists. 5. Set "Deny" directives to "from all" to prohibit access to the application/content under attack, add the directive if it does not exist. 6. Issue "nmSoftRestart(serverName='componentName',serverType='OHS')" from the WLST shell prompt.
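The "Order", "Allow", and "Deny" fixes above depend on how Apache combines the three directives: with "allow,deny" a client must match an "Allow" and no "Deny", and a client that matches nothing is rejected. The following Python model of that evaluation is an added example, not part of the STIG or of Oracle's tooling; function names and sample blocks are constructed, and it handles only "all", full or partial IPv4 addresses, and CIDR ranges (not host names).

```python
import ipaddress


def host_matches(spec, client_ip):
    """True if client_ip matches one 'from' argument: 'all', a CIDR range,
    or a full or partial IPv4 address such as '123.123'."""
    spec = spec.strip().lower()
    if spec == "all":
        return True
    if "/" in spec:
        network = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in network
    octets = spec.rstrip(".").split(".")
    # Compare whole octets so '123.12' does not match 123.123.x.x.
    return client_ip.split(".")[:len(octets)] == octets


def parse_access(block_text):
    """Extract (order, allow_specs, deny_specs) from the body of one
    <Directory>, <Files> or <Location> container."""
    order, allow, deny = "deny,allow", [], []  # Apache default when Order is omitted
    for raw in block_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank or commented-out directive
        keyword = tokens[0].lower()
        if keyword == "order" and len(tokens) >= 2:
            order = "".join(tokens[1:]).lower()
        elif keyword in ("allow", "deny") and len(tokens) >= 3 \
                and tokens[1].lower() == "from":
            (allow if keyword == "allow" else deny).extend(tokens[2:])
    return order, allow, deny


def is_allowed(block_text, client_ip):
    """Apply the Order/Allow/Deny evaluation rules to one client address."""
    order, allow, deny = parse_access(block_text)
    allowed = any(host_matches(spec, client_ip) for spec in allow)
    denied = any(host_matches(spec, client_ip) for spec in deny)
    if order == "allow,deny":
        # Must match an Allow and no Deny; default is reject.
        return allowed and not denied
    if order == "deny,allow":
        # A Deny match is overridden by an Allow match; default is permit.
        return allowed or not denied
    raise ValueError("unsupported Order value: " + order)


# Constructed container bodies using the values from the fix text.
NONSECURE_ZONE_BLOCKED = """
    Order allow,deny
    Allow from all
    Deny from 123.123
"""

UNDER_ATTACK = """
    Order allow,deny
    #Allow from all
    Deny from all
"""

# Same Allow/Deny lines as the first block, but with the opposite Order.
WRONG_ORDER = """
    Order deny,allow
    Allow from all
    Deny from 123.123
"""

if __name__ == "__main__":
    for label, block in (("nonsecure zone blocked", NONSECURE_ZONE_BLOCKED),
                         ("under attack", UNDER_ATTACK),
                         ("wrong order", WRONG_ORDER)):
        print(label, {ip: is_allowed(block, ip)
                      for ip in ("123.123.9.9", "10.1.2.3")})
```

The third block shows why the fix text sets "Order" to "allow,deny": with "deny,allow", "Allow from all" overrides the "Deny" for the nonsecure zone.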
1. Check that sudo is properly configured for the account owning the OHS software. 2. If accounts other than the account that owns the OHS software can access the OHS software, this is a finding.
1. Configure sudo such that only the account that owns the OHS software can access it from the hosting system.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule log_config_module" directive at the OHS server configuration scope. 3. If the directive is omitted, this is a finding. 4. Validate that the file specified exists. If the file does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule log_config_module" directive at the OHS server configuration scope. 3. Set the "LoadModule log_config_module" directive to ""${PRODUCT_HOME}/modules/mod_log_config.so"", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogMode" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "odl-text", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogMode" directive at the OHS server configuration scope. 3. Set the "OraLogMode" directive to "odl-text", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogDir" directive at the OHS server configuration scope. 3. If the directive is omitted, this is a finding. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogDir" directive at the OHS server configuration scope. 3. Set the "OraLogDir" directive to an appropriate, protected location on a partition with sufficient space that is different from the partition on which the OHS software is installed; add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogSeverity" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "NOTIFICATION:32", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogSeverity" directive at the OHS server configuration scope. 3. Set the "OraLogSeverity" directive to "NOTIFICATION:32", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogRotationParams" directive at the OHS server configuration scope. 3. If the directive is omitted or set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogRotationParams" directive at the OHS server configuration scope. 3. As required, set the "OraLogRotationParams" directive to satisfy the NIST 800-92 logging requirements, add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogSeverity" directive at the OHS server configuration scope. 3. If the directive is omitted or is not set to "NOTIFICATION:32", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogSeverity" directive at the OHS server configuration scope. 3. Set the "OraLogSeverity" directive to "NOTIFICATION:32", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod", add the directive if it does not exist unless inherited from a larger scope.
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes. 3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.
1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory. 2. Execute the command: find . -name '*.log' 3. Verify that each log file that was returned has the owner and group set to the user and group used to run the web server. The user and group are typically set to Oracle. 4. Verify that each log file that was returned has the permissions on the log file set to "640" or more restrictive. If the owner, group or permissions are set incorrectly on any of the log files, this is a finding.
1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory. 2. Execute the command: find . -name '*.log' 3. Set the owner and group to the user and group used to run the web server. The user and group are typically set to Oracle. 4. Set the permissions on all the log files returned to "640".
1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory. 2. Execute the command: find . -name '*.log' 3. Verify that each log file that was returned has the owner and group set to the user and group used to run the web server. The user and group are typically set to Oracle. 4. Verify that each log file that was returned has the permissions on the log file set to "640" or more restrictive. If the owner, group or permissions are set incorrectly on any of the log files, this is a finding.
1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory. 2. Execute the command: find . -name '*.log' 3. Set the owner and group to the user and group used to run the web server. The user and group are typically set to Oracle. 4. Set the permissions on all the log files returned to "640".
1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory. 2. Execute the command: find . -name '*.log' 3. Verify that each log file that was returned has the owner and group set to the user and group used to run the web server. The user and group are typically set to Oracle. 4. Verify that each log file that was returned has the permissions on the log file set to "640" or more restrictive. If the owner, group or permissions are set incorrectly on any of the log files, this is a finding.
1. Change to the ORACLE_HOME/user_projects/domains/base_domain/servers directory. 2. Execute the command: find . -name '*.log' 3. Set the owner and group to the user and group used to run the web server. The user and group are typically set to Oracle. 4. Set the permissions on all the log files returned to "640".
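The log file ownership and permission check above can be scripted; the following is an added example, not part of the STIG text. It reads "640 or more restrictive" as "no permission bit outside 640 is set", so a mode such as 604 fails even though it is numerically smaller. The function names, the numeric uid/gid arguments and the temporary log tree are assumptions made for the example.

```python
import os
import stat
import tempfile

MAX_MODE = 0o640  # most permissive mode the check allows


def audit_log_files(root, uid, gid):
    """Return {relative_path: [reasons]} for *.log files under root that fail the check."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".log"):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the entry itself, do not follow symlinks
            reasons = []
            if st.st_uid != uid:
                reasons.append(f"owner uid {st.st_uid}, expected {uid}")
            if st.st_gid != gid:
                reasons.append(f"group gid {st.st_gid}, expected {gid}")
            mode = stat.S_IMODE(st.st_mode)
            extra = mode & ~MAX_MODE  # any bit that 640 does not grant
            if extra:
                reasons.append(f"mode {mode:03o} grants bits beyond 640 ({extra:03o})")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def demo():
    """Build a constructed log tree in a temp dir and audit it as the current user."""
    modes = {"access.log": 0o640, "ohs1.log": 0o600,
             "admin.log": 0o644, "ssl.log": 0o604}
    with tempfile.TemporaryDirectory() as root:
        log_dir = os.path.join(root, "ohs1", "logs")
        os.makedirs(log_dir)
        for name, mode in modes.items():
            path = os.path.join(log_dir, name)
            with open(path, "w") as fh:
                fh.write("constructed sample line\n")
            os.chmod(path, mode)
        # Use the owner and group the files were created with as the "web server" account.
        ref = os.stat(path)
        return audit_log_files(root, ref.st_uid, ref.st_gid)


if __name__ == "__main__":
    for rel_path, reasons in sorted(demo().items()):
        print(rel_path, "->", "; ".join(reasons))
```

On a real system, pass the uid and gid of the account that runs the web server and the servers directory named in step 1.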
1. Verify that the System Administrator backs up the files located in the $DOMAIN_HOME/servers/<componentName>/logs directory. 2. If the files located in the $DOMAIN_HOME/servers/<componentName>/logs directory are not backed up, this is a finding.
Have the System Administrator back up the files located in the $DOMAIN_HOME/servers/<componentName>/logs directory.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogDir" directive at the OHS server configuration scope. 3. If the directive is omitted, this is a finding. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "OraLogDir" directive at the OHS server configuration scope. 3. Set the "OraLogDir" directive to an appropriate, protected location on a partition with sufficient space that is different from the partition on which the OHS software is installed; add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod", add the directive if it does not exist unless inherited from a larger scope and reference a location where other tools can access the log files for diagnostic/forensic purposes. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs <DESIRED_DIRECTORY_AND_FILE_NAME> 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope and reference a location where other tools can access the log files for diagnostic/forensic purposes.
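The logging directive checks above (OraLogMode, OraLogSeverity, OraLogDir, OraLogRotationParams, LogFormat and CustomLog) can be run as one scope-aware audit; this is an added example, not part of the STIG text. It assumes a virtual host counts as SSL when it contains "SSLEngine on", that a virtual host with no CustomLog of its own inherits the server-scope one, and it does not follow Include files or test that folders exist; the sample configuration, its paths and the function names are constructed.

```python
import shlex

# Expected values copied from the fix text above.
DOD = ('%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" '
       'ecid:%E xfor:%{X-Forwarded-For}i')
DOD_SSL = DOD + ' sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x'
EXPECTED_FORMAT = {"dod": DOD, "dod_ssl": DOD_SSL}
SERVER_VALUES = {"OraLogMode": "odl-text", "OraLogSeverity": "NOTIFICATION:32"}
SERVER_PRESENT = ("OraLogDir", "OraLogRotationParams")
ROTATELOGS = "||${PRODUCT_HOME}/bin/odl_rotatelogs"

# Constructed sample: wrong OraLogSeverity, and an SSL virtual host that
# truncates the dod_ssl format and logs with the non-SSL nickname.
SAMPLE_CONF = r'''
OraLogMode odl-text
OraLogDir "/u02/ohs_logs"
OraLogSeverity WARNING:32
OraLogRotationParams S 10:70
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i" dod
CustomLog "||${PRODUCT_HOME}/bin/odl_rotatelogs /u02/ohs_logs/access_log 43200" dod
<VirtualHost *:7777>
    ServerName app.example.test
</VirtualHost>
<VirtualHost *:4443>
    SSLEngine on
    LogFormat "%h %l %u %t \"%r\" %>s %b" dod_ssl
    CustomLog "||${PRODUCT_HOME}/bin/odl_rotatelogs /u02/ohs_logs/ssl_access_log 43200" dod
</VirtualHost>
'''


def parse_scopes(conf_text):
    """Return {scope: [(directive_lowercase, args)]}; 'server' is the global scope."""
    scopes = {"server": []}
    current = "server"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out directive
        low = line.lower()
        if low.startswith("<virtualhost"):
            current = line.strip("<>")
            scopes.setdefault(current, [])
        elif low.startswith("</virtualhost"):
            current = "server"
        elif line.startswith("<"):
            continue  # other containers (<IfModule> etc.) keep the enclosing scope
        else:
            try:
                tokens = shlex.split(line)
            except ValueError:  # unbalanced quote: fall back to whitespace split
                tokens = line.split()
            scopes[current].append((tokens[0].lower(), tokens[1:]))
    return scopes


def custom_log_ok(args, nickname):
    """True if a CustomLog pipes to odl_rotatelogs every 43200 s with this nickname."""
    if len(args) != 2 or args[1] != nickname:
        return False
    parts = args[0].split()
    return len(parts) == 3 and parts[0] == ROTATELOGS and parts[2] == "43200"


def audit(conf_text):
    """Return a list of finding strings; an empty list means no finding."""
    scopes = parse_scopes(conf_text)
    server = scopes["server"]
    server_map = {name: args for name, args in server}
    findings = []
    for name, want in SERVER_VALUES.items():
        if server_map.get(name.lower(), [])[:1] != [want]:
            findings.append(f"server: {name} is not set to {want}")
    for name in SERVER_PRESENT:
        if name.lower() not in server_map:
            findings.append(f"server: {name} is omitted")
    for scope, own in scopes.items():
        effective = own if scope == "server" else server + own  # inheritance
        ssl = any(n == "sslengine" and [x.lower() for x in a[:1]] == ["on"]
                  for n, a in effective)
        nick = "dod_ssl" if ssl else "dod"
        formats = {a[1]: a[0] for n, a in effective
                   if n == "logformat" and len(a) == 2}
        if formats.get(nick) != EXPECTED_FORMAT[nick]:
            findings.append(f'{scope}: LogFormat "{nick}" is omitted or set improperly')
        logs = ([a for n, a in own if n == "customlog"]
                or [a for n, a in server if n == "customlog"])
        if not any(custom_log_ok(a, nick) for a in logs):
            findings.append(f'{scope}: no CustomLog pipes to odl_rotatelogs '
                            f'with nickname "{nick}"')
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```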
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule file_cache_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule file_cache_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule file_cache_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule vhost_alias_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule vhost_alias_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule vhost_alias_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule env_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule env_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule env_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule mime_magic_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule mime_magic_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule mime_magic_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule negotiation_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule negotiation_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule negotiation_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "LanguagePriority" directive. 2. Search for the "LanguagePriority" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "LanguagePriority" directive. 2. Search for the "LanguagePriority" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "LanguagePriority" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "ForceLanguagePriority" directive. 2. Search for the "ForceLanguagePriority" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "ForceLanguagePriority" directive. 2. Search for the "ForceLanguagePriority" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "ForceLanguagePriority" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule status_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule status_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule status_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule info_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule info_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule info_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule include_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule include_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule include_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule autoindex_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule autoindex_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule autoindex_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "IndexOptions" directive. 2. Search for the "IndexOptions" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "IndexOptions" directive. 2. Search for the "IndexOptions" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "IndexOptions" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "AddIconByEncoding" directive. 2. Search for an "AddIconByEncoding" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "AddIconByEncoding" directive. 2. Search for an "AddIconByEncoding" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "AddIconByEncoding" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "AddIconByType" directive. 2. Search for an "AddIconByType" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "AddIconByType" directive. 2. Search for an "AddIconByType" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "AddIconByType" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "AddIcon" directive. 2. Search for an "AddIcon" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "AddIcon" directive. 2. Search for an "AddIcon" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "AddIcon" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "DefaultIcon" directive. 2. Search for a "DefaultIcon" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "DefaultIcon" directive. 2. Search for a "DefaultIcon" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "DefaultIcon" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "ReadmeName" directive. 2. Search for a "ReadmeName" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "ReadmeName" directive. 2. Search for a "ReadmeName" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "ReadmeName" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "HeaderName" directive. 2. Search for a "HeaderName" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "HeaderName" directive. 2. Search for a "HeaderName" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "HeaderName" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "IndexIgnore" directive. 2. Search for an "IndexIgnore" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains an "IndexIgnore" directive. 2. Search for an "IndexIgnore" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "IndexIgnore" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule dir_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule dir_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule dir_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "DirectoryIndex" directive. 2. Search for the "DirectoryIndex" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive and any surrounding "<IfModule dir_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "DirectoryIndex" directive. 2. Search for the "DirectoryIndex" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "DirectoryIndex" directive and any surrounding "<IfModule dir_module>" directive if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgi_module" directive within the "<IfModule mpm_prefork_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule mpm_prefork_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgi_module" directive within the "<IfModule mpm_prefork_module>" directive at the OHS server configuration scope. 3. Comment out the "LoadModule cgi_module" directive and surrounding "<IfModule mpm_prefork_module>" directives if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule fastcgi_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule fastcgi_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule fastcgi_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgid_module" directive within the "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule mpm_worker_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgid_module" directive within the "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. Comment out the "LoadModule cgid_module" directive and surrounding "<IfModule mpm_worker_module>" directives if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<IfModule cgid_module>" directive. 2. Search for the "<IfModule cgid_module>" directive at the OHS server, virtual host, and directory configuration scope. 3. If the directive and any directives that it may contain exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<IfModule cgid_module>" directive. 2. Search for the "<IfModule cgid_module>" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "<IfModule cgid_module>" directive and any directives it may contain.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgi_module" directive within the "<IfModule mpm_winnt_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule mpm_winnt_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgi_module" directive within the "<IfModule mpm_winnt_module>" directive at the OHS server configuration scope. 3. Comment out the "LoadModule cgi_module" directive and surrounding "<IfModule mpm_winnt_module>" directives if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "ScriptAlias /cgi-bin/" directive within a "<IfModule alias_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule alias_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "ScriptAlias /cgi-bin/" directive within a "<IfModule alias_module>" directive at the OHS server configuration scope. 3. Comment out the "ScriptAlias /cgi-bin/" directive and its surrounding "<IfModule alias_module>" directive if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "ScriptSock" directive within a "<IfModule cgid_module>" directive at the OHS server configuration scope. Note: “ScriptSock” may appear as “Scriptsock” within the httpd.conf file. 3. If the directive and its surrounding "<IfModule cgid_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "ScriptSock" directive within a "<IfModule cgid_module>" directive at the OHS server configuration scope. Note: “ScriptSock” may appear as “Scriptsock” within the httpd.conf file. 3. Comment out the "ScriptSock" directive and its surrounding "<IfModule cgid_module>" directive if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "<Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">" directive at the OHS server and virtual host configuration scopes. 3. If the directive and any directives that it contains exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "<Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">" directive at the OHS server and virtual host configuration scopes. 3. Comment out the "<Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">" directive and any directives it contains if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "<FilesMatch "\.(cgi|shtml|phtml|php)$">" directive at the virtual host configuration scope. 3. If the directive and any directives that it contains exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "<FilesMatch "\.(cgi|shtml|phtml|php)$">" directive at the OHS server configuration scope. 3. Comment out the "<FilesMatch "\.(cgi|shtml|phtml|php)$">" directive and any directives it contains if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule asis_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule asis_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule asis_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule imagemap_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule imagemap_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule imagemap_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule actions_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule actions_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule actions_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule speling_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule speling_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule speling_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule userdir_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule userdir_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule userdir_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for an "AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "${PRODUCT_HOME}/manual$1"" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for an "AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "${PRODUCT_HOME}/manual$1"" directive at the OHS server configuration scope. 3. Comment out the "AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "${PRODUCT_HOME}/manual$1"" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "<Directory "${PRODUCT_HOME}/manual">" directive at the OHS server configuration scope. 3. If the directive and the directives it contains exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "<Directory "${PRODUCT_HOME}/manual">" directive at the OHS server configuration scope. 3. Comment out the "<Directory "${PRODUCT_HOME}/manual">" directive and any directives it contains if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule auth_basic_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule auth_basic_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule auth_basic_module" directive if it exists.
If the AO-approved system security plan for web server configuration specifies using the OHS authz_user_module in order to meet application architecture requirements, this requirement can be marked NA. 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule authz_user_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule authz_user_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule authz_user_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule authn_file_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule authn_file_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule authn_file_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule authn_anon_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule authn_anon_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule authn_anon_module" directive if it exists.
If the AO-approved system security plan for web server configuration specifies using the proxy_module directive in order to meet application architecture requirements and authentication is enforced, this requirement is NA. 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_module" directive if it exists.
If the AO-approved system security plan for the web server configuration specifies using the proxy_http_module directive in order to meet application architecture requirements and authentication is enforced, this requirement is NA. 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_http_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_http_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_http_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_ftp_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_connect_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_connect_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_connect_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_balancer_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_balancer_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_balancer_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cern_meta_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cern_meta_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule cern_meta_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule expires_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule expires_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule expires_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule usertrack_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule usertrack_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule usertrack_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule unique_id_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule unique_id_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule unique_id_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule setenvif_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule setenvif_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule setenvif_module" directive if it exists.
1. With an editor, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "BrowserMatch" directive. 2. Search for the "BrowserMatch" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive and any surrounding "BrowserMatch" directive exist and are not commented out, this is a finding.
1. With an editor, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "BrowserMatch" directive. 2. Search for the "BrowserMatch" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "BrowserMatch" directive and any surrounding "<IfModule dir_module>" directive if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule dumpio_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule dumpio_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule dumpio_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "<IfModule dumpio_module>" directive at the OHS server configuration scope. 3. If the directive and any directives that it contains exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "<IfModule dumpio_module>" directive at the OHS server configuration scope. 3. Comment out the "<IfModule dumpio_module>" directive and any directives it contains if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for an "Alias /icons/" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for an "Alias /icons/" directive at the OHS server configuration scope. 3. Comment out the "Alias /icons/" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "<Directory "${PRODUCT_HOME}/icons">" directive at the OHS server configuration scope. 3. If the directive exists and any directives that it contains are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "<Directory "${PRODUCT_HOME}/icons">" directive at the OHS server configuration scope. 3. Comment out the "<Directory "${PRODUCT_HOME}/icons">" directive and any directives that it contains if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for the "<IfModule mpm_winnt_module>" directive at the OHS server configuration scope. 3. If the directive and any directives it contains exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for the "<IfModule mpm_winnt_module>" directive at the OHS server configuration scope. 3. Comment out the "<IfModule mpm_winnt_module>" directive and any directives it contains if they exist.
If the AO-approved system security plan for the web server configuration specifies using proxy_module directive in order to meet application architecture requirements, this requirement is NA. 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_module" directive if it exists.
If the AO-approved system security plan for the web server configuration specifies using the proxy_http_module directive in order to meet application architecture requirements, this requirement is NA. 1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_http_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_http_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_http_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_ftp_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_ftp_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_connect_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_connect_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_connect_module" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_balancer_module" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule proxy_balancer_module" directive at the OHS server configuration scope. 3. Comment out the "LoadModule proxy_balancer_module" directive if it exists.
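The "LoadModule" checks above all apply the same test to httpd.conf, so they can be run in one pass. The script below is an added example, not part of the STIG text: the function names, the NA argument and the sample configuration are constructed for illustration, and the module list is copied from the checks in this section.

```shell
#!/bin/sh
# Added example (not STIG text): list the LoadModule directives named in this
# section that are still active (not commented out) in an OHS httpd.conf.

# Module names copied from the check/fix texts in this section.
STIG_MODULES="cern_meta_module expires_module usertrack_module unique_id_module
setenvif_module dumpio_module proxy_module proxy_http_module proxy_ftp_module
proxy_connect_module proxy_balancer_module"

# active_loadmodules CONF [NA_MODULES]
#   CONF        path to httpd.conf
#   NA_MODULES  optional space-separated modules that the AO-approved system
#               security plan documents as required (the checks for
#               proxy_module and proxy_http_module allow this)
# Prints one module name per line for every finding.
active_loadmodules() {
    conf=$1
    na=${2:-}
    for mod in $STIG_MODULES; do
        # Skip modules documented as not applicable.
        case " $na " in *" $mod "*) continue ;; esac
        # A line whose first non-blank character is '#' is a comment, so the
        # pattern only matches directives that start the line (after optional
        # whitespace). -i because Apache directive names are case-insensitive.
        # The trailing whitespace/end-of-line guard keeps "proxy_module" from
        # matching "proxy_module_extra"-style names.
        if grep -Eiq "^[[:space:]]*LoadModule[[:space:]]+${mod}([[:space:]]|\$)" "$conf"; then
            echo "$mod"
        fi
    done
}

# Writes a constructed sample configuration (not a real OHS file) to $1.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real OHS configuration
LoadModule expires_module "${PRODUCT_HOME}/modules/mod_expires.so"
#LoadModule usertrack_module "${PRODUCT_HOME}/modules/mod_usertrack.so"
    # LoadModule dumpio_module "${PRODUCT_HOME}/modules/mod_dumpio.so"
LoadModule proxy_http_module "${PRODUCT_HOME}/modules/mod_proxy_http.so"
  LoadModule proxy_module "${PRODUCT_HOME}/modules/mod_proxy.so"
LoadModule status_module "${PRODUCT_HOME}/modules/mod_status.so"
EOF
}

# Demonstration on the constructed sample.
sample=$(mktemp)
make_sample_conf "$sample"
echo "Findings with no documented exceptions:"
active_loadmodules "$sample"
echo "Findings with proxy_module and proxy_http_module documented as NA:"
active_loadmodules "$sample" "proxy_module proxy_http_module"
rm -f "$sample"
```

The script reads only the file it is given; files pulled in through "Include" directives have to be passed to it separately.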
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "<Directory "${PRODUCT_HOME}/manual">" directive at the OHS server configuration scope. 3. If the directive and the directives it contains exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "<Directory "${PRODUCT_HOME}/manual">" directive at the OHS server configuration scope. 3. Comment out the "<Directory "${PRODUCT_HOME}/manual">" directive and any directives it contains if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for an "AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "${PRODUCT_HOME}/manual$1"" directive at the OHS server configuration scope. 3. If the directive exists and is not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for an "AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "${PRODUCT_HOME}/manual$1"" directive at the OHS server configuration scope. 3. Comment out the "AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "${PRODUCT_HOME}/manual$1"" directive if it exists.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for "AddHandler" directives at the OHS server, virtual host, and directory configuration scopes. 3. If an "AddHandler" directive exists, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for "AddHandler" directives at the OHS server, virtual host, and directory configuration scopes. 3. If an "AddHandler" directive exists, remove it.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgi_module" directive within the "<IfModule mpm_prefork_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule mpm_prefork_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgi_module" directive within the "<IfModule mpm_prefork_module>" directive at the OHS server configuration scope. 3. Comment out the "LoadModule cgi_module" directive and surrounding "<IfModule mpm_prefork_module>" directives if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgid_module" directive within the "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule mpm_worker_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgid_module" directive within the "<IfModule mpm_worker_module>" directive at the OHS server configuration scope. 3. Comment out the "LoadModule cgid_module" directive and surrounding "<IfModule mpm_worker_module>" directives if they exist.
1. With an editor, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<IfModule cgid_module>" directive. 2. Search for the "<IfModule cgid_module>" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the directive and any directives that it may contain exist and are not commented out, this is a finding.
1. With an editor, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<IfModule cgid_module>" directive. 2. Search for the "<IfModule cgid_module>" directive at the OHS server, virtual host, and directory configuration scopes. 3. Comment out the "<IfModule cgid_module>" directive and any directives it may contain.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgi_module" directive within the "<IfModule mpm_winnt_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule mpm_winnt_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "LoadModule cgi_module" directive within the "<IfModule mpm_winnt_module>" directive at the OHS server configuration scope. 3. Comment out the "LoadModule cgi_module" directive and surrounding "<IfModule mpm_winnt_module>" directives if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "ScriptAlias /cgi-bin/" directive within a "<IfModule alias_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule alias_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "ScriptAlias /cgi-bin/" directive within a "<IfModule alias_module>" directive at the OHS server configuration scope. 3. Comment out the "ScriptAlias /cgi-bin/" directive and its surrounding "<IfModule alias_module>" directive if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "ScriptSock" directive within a "<IfModule cgid_module>" directive at the OHS server configuration scope. 3. If the directive and its surrounding "<IfModule cgid_module>" directive exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for a "ScriptSock" directive within a "<IfModule cgid_module>" directive at the OHS server configuration scope. 3. Comment out the "ScriptSock" directive and its surrounding "<IfModule cgid_module>" directive if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "<Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">" directive at the OHS server and virtual host configuration scopes. 3. If the directive and any directives that it contains exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "<Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">" directive at the OHS server and virtual host configuration scopes. 3. Comment out the "<Directory "${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/instances/${COMPONENT_NAME}/cgi-bin">" directive and any directives it contains if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "<FilesMatch "\.(cgi|shtml|phtml|php)$">" directive at the virtual host configuration scope. 3. If the directive and any directives that it contains exist and are not commented out, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "<FilesMatch "\.(cgi|shtml|phtml|php)$">" directive at the OHS server configuration scope. 3. Comment out the "<FilesMatch "\.(cgi|shtml|phtml|php)$">" directive and any directives it contains if they exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for "<FilesMatch>" directives beyond the "<FilesMatch "^\.ht">" directive at the OHS server, virtual host, and directory configuration scopes. 3. If the "<FilesMatch>" directive is omitted or it and/or any directives it contains are set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for "<FilesMatch>" directives beyond the "<FilesMatch "^\.ht">" directive at the OHS server, virtual host, and directory configuration scopes. 3. Set the "<FilesMatch>" directive to "^(?!.*\.(gif|jpe?g|png|html?|js|css)).*$" or other value appropriate for the server/site to prevent inappropriate file access, add the directive if it does not exist. 4a. Within the "<FilesMatch "^(?!.*\.(gif|jpe?g|png|html?|js|css)).*$">" directive, set the "Order" directive to "allow,deny", add the directive if it does not exist. 4b. Within the "<FilesMatch "^(?!.*\.(gif|jpe?g|png|html?|js|css)).*$">" directive, set the "Deny" directive to "from all", add the directive if it does not exist. 4c. Within the "<FilesMatch "^(?!.*\.(gif|jpe?g|png|html?|js|css)).*$">" directive, set the "Satisfy" directive to "All", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Directory>" directive at OHS server and virtual host configuration scopes. 3. If the "Options" directive within the "<Directory>" directive is omitted or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Directory>" directive at OHS server and virtual host configuration scopes. 3. Set the "Options" directive within the "<Directory>" directive to "None", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "Listen" directive at the OHS server configuration scope. 3. If the directive is set without an IP address, port, and protocol specified, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for a "Listen" directive at the OHS server configuration scope. 3. Set the "Listen" directive to a value containing an IP address, port, and protocol (e.g., "Listen 123.123.123.123:80 http" or "Listen 456.456.456.456:443 https").
1. If the password for Node Manager does not meet DoD requirements for password complexity, this is a finding. 2. Open $DOMAIN_HOME/config/nodemanager/nm_password.properties with an editor. 3. If the "username" property and value are still present, this is a finding. 4. If the "password" property and value are still present, this is a finding.
1. Open $DOMAIN_HOME/config/nodemanager/nm_password.properties with an editor. 2. Remove the "hashed" property and value. 3. Set the "username" property to the account name to use for Node Manager, add the property if it does not exist. 4. Set the "password" property to a password compliant with DoD requirements for password complexity to use for Node Manager, add the property if it does not exist. 5. Start/Restart Node Manager so that the password contained within $DOMAIN_HOME/config/nodemanager/nm_password.properties is encrypted. 6. Remove the "username" and "password" properties along with their values from within $DOMAIN_HOME/config/nodemanager/nm_password.properties, but leave the new "hashed" property and value.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "Header" and "FileETag" directives at the OHS server, virtual host, or directory configuration scope. 3. If the "Header" and "FileETag" directives are omitted or set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "Header" and "FileETag" directives at the OHS server, virtual host, or directory configuration scopes. 3a. Set the "Header" directive to "unset ETag", add the directive if it does not exist. 3b. Set the "FileETag" directive to "none", add the directive if it does not exist.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "SecureListener" property. 3. If the property is not set to "True", this is a finding.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "SecureListener" property. 3. Set the "SecureListener" property to "True".
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "ListenAddress" property. 3. If the property does not exist or is not set to the CN of the Node Manager certificate, this is a finding.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "ListenAddress" property. 3. Set the "ListenAddress" property to the CN of the Node Manager certificate, add the property if it does not exist.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "AuthenticationEnabled" property. 3. If the property does not exist or is not set to "True", this is a finding.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "AuthenticationEnabled" property. 3. Set the "AuthenticationEnabled" property to "True", add the property if it does not exist.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "KeyStores" property. 3. If the property does not exist or is not set to "CustomIdentityAndCustomTrust", this is a finding.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "KeyStores" property. 3. Set the "KeyStores" property to "CustomIdentityAndCustomTrust", add the property if it does not exist.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "CustomIdentityKeyStoreFileName" property. 3. If the property does not exist or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "CustomIdentityKeyStoreFileName" property. 3. Set the "CustomIdentityKeyStoreFileName" property to a keystore location that contains a valid DoD certificate for the Node Manager identity, add the property if it does not exist.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "CustomIdentityKeyStorePassPhrase" property. 3. If the property does not exist or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "CustomIdentityKeyStorePassPhrase" property. 3. Set the "CustomIdentityKeyStorePassPhrase" property to the password of the keystore that contains a valid DoD certificate for the Node Manager identity, add the property if it does not exist.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "CustomIdentityAlias" property. 3. If the property does not exist or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "CustomIdentityAlias" property. 3. Set the "CustomIdentityAlias" property to the alias of the keystore PrivateKeyEntry containing the Node Manager identity, add the property if it does not exist.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "CustomIdentityPrivateKeyPassPhrase" property. 3. If the property does not exist or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/nodemanager/nodemanager.properties with an editor. 2. Search for the "CustomIdentityPrivateKeyPassPhrase" property. 3. Set the "CustomIdentityPrivateKeyPassPhrase" property to the password protecting the Private Key of the Node Manager identity, add the property if it does not exist.
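The Node Manager property checks above (nodemanager.properties and the leftover cleartext entries in nm_password.properties) can be scripted as one pass. This is an added example, not part of the STIG text: the function names and sample values are constructed, the parser assumes simple "key=value" lines, and "True" is compared case-insensitively as an assumption about how the boolean is read.

```shell
#!/bin/sh
# Added example (not STIG text): audit Node Manager properties named in this
# section. Assumes simple "key=value" lines; '#' comment lines are ignored.

# prop_value FILE KEY -> prints the value of KEY (empty if absent).
# If a key is assigned more than once, the last assignment is reported,
# matching how java.util.Properties loads a file.
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tr -d '\r' | tail -n 1
}

# audit_nodemanager FILE -> prints the name of each property that is a finding.
audit_nodemanager() {
    f=$1
    # Booleans that must be "True" (compared case-insensitively: assumption).
    for key in SecureListener AuthenticationEnabled; do
        v=$(prop_value "$f" "$key" | tr '[:upper:]' '[:lower:]')
        [ "$v" = "true" ] || echo "$key"
    done
    # Exact value required by the check text.
    [ "$(prop_value "$f" KeyStores)" = "CustomIdentityAndCustomTrust" ] || echo "KeyStores"
    # Properties that must exist. Whether the value is "set improperly"
    # (wrong CN, wrong keystore, wrong alias) still needs manual review.
    for key in ListenAddress CustomIdentityKeyStoreFileName \
               CustomIdentityKeyStorePassPhrase CustomIdentityAlias \
               CustomIdentityPrivateKeyPassPhrase; do
        [ -n "$(prop_value "$f" "$key")" ] || echo "$key"
    done
}

# audit_nm_password FILE -> prints "username" and/or "password" if those
# cleartext properties are still present in nm_password.properties.
audit_nm_password() {
    for key in username password; do
        if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$1"; then
            echo "$key"
        fi
    done
}

# Writes a constructed sample nodemanager.properties (not a real file) to $1.
make_sample_props() {
    cat > "$1" <<'EOF'
# constructed sample values
ListenAddress=nm.example.mil
ListenPort=5556
SecureListener=true
AuthenticationEnabled=true
KeyStores=DemoIdentityAndDemoTrust
CustomIdentityKeyStoreFileName=/constructed/path/identity.jks
CustomIdentityAlias=nm-identity
# a later duplicate overrides the earlier value
SecureListener=false
EOF
}

# Demonstration on the constructed sample.
sample=$(mktemp)
make_sample_props "$sample"
echo "nodemanager.properties findings:"
audit_nodemanager "$sample"
rm -f "$sample"
```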
1. Open $DOMAIN_HOME/config/config.xml with an editor. 2. Search for the "<listen-address>" element within the "<node-manager>" element. 3. If the element does not exist or is not set to the CN of the Node Manager certificate, this is a finding.
1. Open $DOMAIN_HOME/config/config.xml with an editor. 2. Search for the "<listen-address>" element within the "<node-manager>" element. 3. Set the "<listen-address>" element to the CN of the Node Manager certificate, add the element if it does not exist.
1. Open $DOMAIN_HOME/config/config.xml with an editor. 2. Search for the "<listen-port>" element within the "<node-manager>" element. 3. If the element does not exist or is not set to the same value as the "ListenPort" property found in $DOMAIN_HOME/nodemanager/nodemanager.properties, this is a finding.
1. Open $DOMAIN_HOME/config/config.xml with an editor. 2. Search for the "<listen-port>" element within the "<node-manager>" element. 3. Set the "<listen-port>" element to the same value as the "ListenPort" property found in $DOMAIN_HOME/nodemanager/nodemanager.properties, add the element if it does not exist.
1. Check for the existence of $ORACLE_HOME/ohs/common/bin/setWlstEnv.sh. 2a. If the setWlstEnv.sh does not exist or does not contain the "WLST_PROPERTIES" environment variable set to a valid trust keystore containing the Certificate Authority and Chain of the Node Manager identity, this is a finding. 2b. If the setWlstEnv.sh file does not exist, this is a finding. 2c. If the setWlstEnv.sh file has permissions more permissive than 750, this is a finding.
1. Open $ORACLE_HOME/ohs/common/bin/setWlstEnv.sh with an editor. If the file does not exist, create the file. 2. Set the "WLST_PROPERTIES" environment variable to a valid trust keystore containing the Certificate Authority and Chain of the Node Manager identity, add the property if it does not exist. 3. Issue a "chmod 750 $ORACLE_HOME/ohs/common/bin/setWlstEnv.sh" to modify the permissions of the script.
1. Check for the existence of $ORACLE_HOME/oracle_common/common/bin/setWlstEnv.sh. 2a. If the setWlstEnv.sh does not exist or does not contain the "WLST_PROPERTIES" environment variable set to a valid trust keystore containing the Certificate Authority and Chain of the Node Manager identity, this is a finding. 2b. If the setWlstEnv.sh file does not exist, this is a finding. 2c. If the setWlstEnv.sh file has permissions more permissive than 750, this is a finding.
1. Open $ORACLE_HOME/oracle_common/common/bin/setWlstEnv.sh with an editor. If the file does not exist, create the file. 2. Set the "WLST_PROPERTIES" environment variable to a valid trust keystore containing the Certificate Authority and Chain of the Node Manager identity, add the property if it does not exist. 3. Issue a "chmod 750 $ORACLE_HOME/oracle_common/common/bin/setWlstEnv.sh" to modify the permissions of the script.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/admin.conf with an editor. 2. Search for the "Allow" directive within the "<Location /dms/>" directive at the virtual host configuration scope. 3. If the "Allow" directive is set to "from all", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/admin.conf with an editor. 2. Search for the "Allow" directive within the "<Location /dms/>" directive at the virtual host configuration scope. 3. Set the "Allow" directive to "from 127.0.0.1".
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "AllowOverride" directive at the directory configuration scope. 3. If the "AllowOverride" directive is omitted or is not set to "None", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "AllowOverride" directive at the directory configuration scope. 3. Set the "AllowOverride" directive to "None", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "<Directory />" directive within the OHS server configuration scope. 3. If the "Order" directive within the "<Directory />" directive is omitted or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "<Directory />" directive within the OHS server configuration scope. 3. Set the "Order" directive within the "<Directory />" directive to "deny,allow", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "<Directory />" directive within the OHS server configuration scope. 3. If the "Deny" directive within the "<Directory />" directive is omitted or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf with an editor. 2. Search for the "<Directory />" directive within the OHS server configuration scope. 3. Set the "Deny" directive within the "<Directory />" directive to "from all", add the directive if it does not exist.
1. cd $DOMAIN_HOME/config/fmwconfig/components/OHS 2. find . -name .htaccess -print 3. If any .htaccess files are found, this is a finding.
1. cd $DOMAIN_HOME/config/fmwconfig/components/OHS 2. find . -name .htaccess -exec rm {} \;
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Directory>" directives at the server and virtual host configuration scopes. 3. Go to the location specified as the value for each "<Directory>" directive (e.g., cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/htdocs). 4. Check for the existence of any .htaccess files in the aforementioned locations (e.g., find . -name .htaccess -print). 5. If any .htaccess files are found, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<Directory>" directives at the server and virtual host configuration scopes. 3. Go to the location specified as the value for each "<Directory>" directive (e.g., cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/htdocs). 4. find . -name .htaccess -exec rm {} \;
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "HostnameLookups" directive at the server, virtual host, and directory configuration scopes. 3. If the "HostnameLookups" directive is omitted or is not set to "On", this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "HostnameLookups" directive at the server, virtual host, and directory configuration scopes. 3. Set the "HostnameLookups" directive to "On", add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "ServerAdmin" directive at the server and virtual host configuration scopes. 3. If the "ServerAdmin" directive is omitted or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "ServerAdmin" directive at the virtual host and directory configuration scopes. 3. Set the "ServerAdmin" directive to an appropriate service-based email address for the organization, add the directive if it does not exist.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<LimitExcept>" directive at the directory configuration scope. 3. If the "<LimitExcept>" directive is omitted (with the exception of the "<Directory />" directive) or is set improperly, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor. 2. Search for the "<LimitExcept>" directive at the directory configuration scope. 3. Set the "<LimitExcept>" directive to "GET POST", add the directive if it does not exist. 4. Within the "<LimitExcept GET POST>" directives, add the directive "Deny" and set it to "from all".
1. cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/htdocs 2. Check for the existence of the OracleHTTPServer12c_files directory (e.g., ls). 3. If an OracleHTTPServer12c_files directory exists, this is a finding.
1. cd $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/ohs1/htdocs 2. rm -rf OracleHTTPServer12c_files
1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for the "SSLSessionCacheTimeout" directive at the OHS server configuration scope. 3. If the directive is omitted or is set greater than 60, this is a finding.
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/ssl.conf with an editor. 2. Search for the "SSLSessionCacheTimeout" directive at the OHS server configuration scope. 3. Set the "SSLSessionCacheTimeout" directive to "60", add the directive if it does not exist.
1. As required, open with an editor $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<VirtualHost>" directive. 2. Search for the "RewriteEngine" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or is not set to "On", this is a finding unless inherited from a larger scope.
1. As required, open with an editor $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<VirtualHost>" directive. 2. Search for the "RewriteEngine" directive at the OHS server and virtual host configuration scopes. 3. Set the "RewriteEngine" directive to "On"; add the directive if it does not exist unless inherited from a larger scope.
1. As required, open with an editor $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<VirtualHost>" directive. 2. Search for the "RewriteOptions" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or is not set to "inherit", this is a finding unless inherited from a larger scope.
1. As required, open with an editor $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<VirtualHost>" directive. 2. Search for the "RewriteOptions" directive at the OHS server and virtual host configuration scopes. 3. Set the "RewriteOptions" directive to "inherit"; add the directive if it does not exist unless inherited from a larger scope.
1. As required, open with an editor $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<VirtualHost>" directive. 2. Search for the "RewriteLogLevel" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or is not set to "3", this is a finding unless inherited from a larger scope.
1. As required, open with an editor $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<VirtualHost>" directive. 2. Search for the "RewriteLogLevel" directive at the OHS server and virtual host configuration scopes. 3. Set the "RewriteLogLevel" directive to "3"; add the directive if it does not exist unless inherited from a larger scope.
1. As required, open with an editor $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<VirtualHost>" directive. 2. Search for the "RewriteLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
1. As required, open with an editor $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it that contains a "<VirtualHost>" directive. 2. Search for the "RewriteLog" directive at the OHS server and virtual host configuration scopes. 3. Set the "RewriteLog" directive to the same location as the "CustomLog" directive; add the directive if it does not exist unless inherited from a larger scope.
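The four Rewrite* checks above share the "unless inherited from a larger scope" rule, which is easy to misjudge by eye. The Python sketch below is an added example, not part of the STIG or of Oracle's tooling: it evaluates the server scope and each "<VirtualHost>" with server-scope values filling in whatever the virtual host does not set, as the check text words it. It assumes "same location as CustomLog" means the same directory and does not test that the folder exists; the function names and sample paths are constructed.

```python
import posixpath
import re
import shlex

# Constructed sample config (not from a real OHS instance).
SAMPLE_CONF = '''
RewriteEngine On
RewriteOptions inherit
RewriteLogLevel 3
RewriteLog "/u01/logs/rewrite_log"
CustomLog "/u01/logs/access_log" common
<VirtualHost *:4443>
    ServerName a.example.test
</VirtualHost>
<VirtualHost *:4444>
    RewriteEngine Off
    RewriteLog "/tmp/rewrite_log"
    # RewriteLogLevel 0
</VirtualHost>
'''

REQUIRED = {'rewriteengine': 'on', 'rewriteoptions': 'inherit', 'rewriteloglevel': '3'}
VHOST_RE = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.I | re.S)

def directives(scope_text):
    """Map lower-cased directive name to the first argument of its last use."""
    found = {}
    for line in scope_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith(('#', '<')):
            found[parts[0].lower()] = shlex.split(parts[1])[0]
    return found

def rewrite_findings(conf):
    """Return (scope, directive) pairs that fail; vhosts inherit server scope."""
    server = directives(VHOST_RE.sub('', conf))
    scopes = [('server', server)]
    scopes += [(n.strip(), {**server, **directives(b)}) for n, b in VHOST_RE.findall(conf)]
    findings = []
    for name, eff in scopes:
        for key, want in REQUIRED.items():
            if eff.get(key, '').lower() != want:
                findings.append((name, key))
        log, custom = eff.get('rewritelog'), eff.get('customlog')
        if not log or (custom and posixpath.dirname(log) != posixpath.dirname(custom)):
            findings.append((name, 'rewritelog'))
    return findings
```

In the constructed sample the first virtual host passes purely by inheritance, while the second is reported for overriding "RewriteEngine" and for logging outside the "CustomLog" directory.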
NOTE: Service accounts or system accounts that have no login capability do not need to have passwords set or changed. Review the web server documentation and deployment configuration to determine what non-service/system accounts were installed by the web server installation process. Verify the passwords for these accounts have been set and/or changed from the default passwords. Verify the SA/Web Manager is notified of the changed password. If these accounts still have no password or have default passwords, this is a finding. If the SA/Web Manager does not know the changed password, this is a finding.
Inform the OHS Administrator as to what the password is for the OS account that owns the OHS Software.
1. Ask the System Administrator if a compiler is installed on the system. 2. If it is, this is a finding.
Ask the System Administrator to remove any compilers installed on the system.
1. As required, confirm with the OHS Administrator that OHS is installed in a DMZ and isolated from internal systems. 2. If not, this is a finding.
1. Relocate the OHS server to be in a DMZ, isolated from internal systems. 2. Confirm that the OHS server only has connections to supporting Application and Database Servers.
1. As required, confirm with the OHS Administrator that OHS is installed on a separately controlled access subnet, not part of any DMZ. 2. Confirm that the OHS server is isolated from access by the LAN's general population. 3. If not, this is a finding.
1. Relocate the OHS server to be on a local subnet, isolated from the DMZ. 2. Remove access to the OHS server from the LAN's general population.
1. Obtain the version of the OHS 12c software (e.g., grep Oracle-HTTP-Server-12c $DOMAIN_HOME/servers/<componentName>/logs/ohs1.log). Confirm it is 12.1.3. 2. Refer to the support date schedule for "Fusion Middleware 12c (12.1.x)" at http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf. Confirm that support remains available and that the organization is current with respect to payments. 3. If not, this is a finding.
1. Install or upgrade to a version of OHS that is within the support timeframes for "Fusion Middleware 12c" at http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf. 2. Confirm that the organization is current with respect to support payments.
1. If OHS is used with other Fusion Middleware products, check to see if the combination is certified per http://www.oracle.com/technetwork/middleware/fusion-middleware/documentation/fmw-1213certmatrix-2226694.xls. 2. If not a certified configuration, this is a finding.
Upgrade or patch OHS or other Oracle Fusion Middleware products to achieve a certified configuration per http://www.oracle.com/technetwork/middleware/fusion-middleware/documentation/fmw-1213certmatrix-2226694.xls.
1. Determine whether anyone other than the System Administrator or the OHS Administrator has inappropriate access to modify the OHS configuration. This includes the ability to use the OS account that owns OHS, root, or a tool with OHS management or monitoring capability such as Oracle Enterprise Manager (OEM). 2. If so, this is a finding.
Restrict access to the OS account that owns OHS, root, or any tool with OHS management or monitoring capability such as Oracle Enterprise Manager (OEM).
1. Check the server for software that is unnecessary for OHS operation. 2. If any software is unnecessary for OHS or other organization requirements, or is not appropriately patched or supported, this is a finding.
Remove any software that is unnecessary for OHS operation or other organization requirements, or that is not appropriately patched or supported.