Health check Form for Apache Web Server or IBM Http Server.doc
文本预览下载声明
Checklist
IDENTIFICATION AND REGISTRATION
User IDs (group 1, 2):
System value/parameter Description Required setting Current setting Setting matched
(Y/N) Follow up action
(Y/N) Proof /output Webserver Administrator/Webmaster An ID having full system or security administration authority as defined in this document Can access the server either locally or remotely Web Authors An ID having read and write access to the document tree in order to create or maintain content Can access the server remotely Web Developers An Author ID having additional authority to install and modify CGI scripts also have access to document tree. Can access the server remotely Web Server ID An ID which runs the web server Unix Specific
:
?Must not have system administrator authority
?Must not have system privileges beyond what the web server requires to run
?Create a new, unique group that the server will run as
?Create new, unique userid that the web server will run as with the default group being the one created in the bullet above
Windows Specific:
?The webserver must run as a unique userid, such as
webserver or domain\webserver.
?The userid must not hold Security/System Administrator Authorities Authenticated Users Clients accessing the web server
via a web browser and having been authenticated on the web server though an authentication process fulfilling the requirements of the main body document.
?Are allowed to read documents and upload documents
?Are allowed to read documents which are marked as Lenovo
confidential Anonymous Users Clients accessing the web server via a web browser and not having been required to authenticate themselves on the web server.
Are not allowed to read documents which are marked as Lenovo confidential General Users General users are defined as users signed onto the host operating systems which do not have privileged access within the host operating system. no specific requirements
2.AUTHENTICATION
Reusable password r
显示全部