{"description": "Normally, a service account is established for the web server. This is\nbecause a privileged account is not desirable and the server is designed to\nrun for long uninterrupted periods of time. The SA or Web Manager will need\npassword access to the web server to restart the service in the event or an\nemergency as the web server is not to restart automatically after an\nunscheduled interruption.", "rationale": "If the password is not entrusted to an SA or web manager the ability to\nensure the availability of the web server is compromised.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the web server password(s) are not entrusted to the SA or Web Manager", "ocil": "The reviewed should make a note of the name of the account being used for\nthe web service. This information may be needed later in the SRR. There\nmay also be other server services running related to the web server in\nsupport of a particular web application, these passwords must be entrusted\nto the SA or Web Manager as well.\n\nQuery the SA or Web Manager to determine if they have the web service\npassword(s).\n\nNOTE: For installations that run as a service, or without a password,\nthe SA or Web Manager having an Admin account on the system would meet\nthe intent of this check.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "The web server password(s) must be entrusted to the SA or Web Manager", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml", "template": null}