CIS Apache HTTP Server 2.2 L1 v3.5.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apache HTTP Server 2.2 L1 v3.5.0

Updated: 7/29/2019

Authority: CIS

Plugin: Unix

Revision: 1.3

Estimated Item Count: 93

File Details

Filename: CIS_Apache_HTTP_Server_2.2_Benchmark_v3.5.0_Level_1.audit

Size: 260 kB

MD5: 6af9eccf7b365a2ed164e8538b1854f5

SHA256: e26b2f89517069b41c8540f0f7bbb7b847aef0b7b45572aceefc35aca51df835

Audit Items

Description	Categories
1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented	CONFIGURATION MANAGEMENT
1.3 Ensure Apache Is Installed From the Appropriate Binaries	SYSTEM AND INFORMATION INTEGRITY
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'auth*'	CONFIGURATION MANAGEMENT
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'LDAP'	CONFIGURATION MANAGEMENT
2.2 Ensure the Log Config Module Is Enabled	AUDIT AND ACCOUNTABILITY
2.3 Ensure the WebDAV Modules Are Disabled	CONFIGURATION MANAGEMENT
2.4 Ensure the Status Module Is Disabled	CONFIGURATION MANAGEMENT
2.5 Ensure the Autoindex Module Is Disabled	CONFIGURATION MANAGEMENT
2.6 Ensure the Proxy Modules Are Disabled	CONFIGURATION MANAGEMENT
2.7 Ensure the User Directories Module Is Disabled	CONFIGURATION MANAGEMENT
2.8 Ensure the Info Module Is Disabled	CONFIGURATION MANAGEMENT
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured'	ACCESS CONTROL
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user'	ACCESS CONTROL
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache'	ACCESS CONTROL
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache'	ACCESS CONTROL
3.2 Ensure the Apache User Account Has an Invalid Shell	ACCESS CONTROL
3.3 Ensure the Apache User Account Is Locked	ACCESS CONTROL
3.4 Ensure Apache Directories and Files Are Owned By Root	CONFIGURATION MANAGEMENT
3.5 Ensure the Group Is Set Correctly on Apache Directories and Files	CONFIGURATION MANAGEMENT
3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted	CONFIGURATION MANAGEMENT
3.7 Ensure the Core Dump Directory Is Secured	CONFIGURATION MANAGEMENT
3.8 Ensure the Lock File Is Secured - 'LockFile directory'	CONFIGURATION MANAGEMENT
3.8 Ensure the Lock File Is Secured - 'LockFile permissions'	CONFIGURATION MANAGEMENT
3.9 Ensure the Pid File Is Secured	CONFIGURATION MANAGEMENT
3.9 Secure the Pid File - 'PidFile directory'	CONFIGURATION MANAGEMENT
3.10 Ensure the ScoreBoard File Is Secured	CONFIGURATION MANAGEMENT
3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted	CONFIGURATION MANAGEMENT
3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted	CONFIGURATION MANAGEMENT
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Deny = from all	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Allow directives exist'	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Deny directives exist'	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Require directives exist'	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Order = Deny,Allow	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Require all denied	ACCESS CONTROL
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Allow is configured'	ACCESS CONTROL
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Deny is configured'	ACCESS CONTROL
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Order Deny,Allow'	ACCESS CONTROL
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'No Order/Deny/Allow'	ACCESS CONTROL
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'Require is configured'	ACCESS CONTROL
4.3 Ensure OverRide Is Disabled for the OS Root Directory	ACCESS CONTROL
4.4 Ensure OverRide Is Disabled for All Directories	CONFIGURATION MANAGEMENT
5.1 Ensure Options for the OS Root Directory Are Restricted	ACCESS CONTROL
5.2 Ensure Options for the Web Root Directory Are Restricted	CONFIGURATION MANAGEMENT
5.3 Ensure Options for Other Directories Are Minimized	CONFIGURATION MANAGEMENT
5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed'	CONFIGURATION MANAGEMENT
5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'	CONFIGURATION MANAGEMENT
5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'	CONFIGURATION MANAGEMENT
5.5 Ensure the Default CGI Content printenv Script Is Removed	CONFIGURATION MANAGEMENT
5.6 Ensure the Default CGI Content test-cgi Script Is Removed	CONFIGURATION MANAGEMENT
5.7 Ensure HTTP Request Methods Are Restricted - 'httpd.conf Document Root LimitExcept = GET,POST or OPTIONS only'	CONFIGURATION MANAGEMENT

Detections

Analytics

CIS Apache HTTP Server 2.2 L1 v3.5.0

Warning! Audit Deprecated

Audit Details

File Details

Audit Items