{"description": "The presence of a compiler on a production server facilitates the malicious\nuser's task of creating custom versions of programs and installing Trojan\nHorses or viruses.", "rationale": "An attacker's code could be uploaded and compiled on the server\nunder attack.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the web server is part of an application suite and a compiler is needed\nfor installation, patching, and upgrading of the suite or if the compiler\nis embedded and can't be removed without breaking the suite, document the\ninstallation of the compiler with the ISSO/ISSM and verify that the compiler\nis restricted to administrative users only. If documented and restricted to\nadministrative users, this is not a finding.\n\nIf an undocumented compiler is present, and available to non-administrative\nusers", "ocil": "Query the SA and the Web Manager to determine if a compiler is present on\nthe server.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Installation of a compiler on production web server is prohibited", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml", "template": null}