CIS Apache HTTP Server 2.2 L1 v3.5.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Apache HTTP Server 2.2 L1 v3.5.0

Updated: 7/29/2019

Authority: CIS

Plugin: Unix

Revision: 1.3

Estimated Item Count: 93

File Details

Filename: CIS_Apache_HTTP_Server_2.2_Benchmark_v3.5.0_Level_1.audit

Size: 260 kB

MD5: 6af9eccf7b365a2ed164e8538b1854f5
SHA256: e26b2f89517069b41c8540f0f7bbb7b847aef0b7b45572aceefc35aca51df835

Audit Items

Description

Categories

1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented

CONFIGURATION MANAGEMENT

1.3 Ensure Apache Is Installed From the Appropriate Binaries

SYSTEM AND INFORMATION INTEGRITY

2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'auth*'

CONFIGURATION MANAGEMENT

2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'LDAP'

CONFIGURATION MANAGEMENT

2.2 Ensure the Log Config Module Is Enabled

AUDIT AND ACCOUNTABILITY

2.3 Ensure the WebDAV Modules Are Disabled

CONFIGURATION MANAGEMENT

2.4 Ensure the Status Module Is Disabled

CONFIGURATION MANAGEMENT

2.5 Ensure the Autoindex Module Is Disabled

CONFIGURATION MANAGEMENT

2.6 Ensure the Proxy Modules Are Disabled

CONFIGURATION MANAGEMENT

2.7 Ensure the User Directories Module Is Disabled

CONFIGURATION MANAGEMENT

2.8 Ensure the Info Module Is Disabled

CONFIGURATION MANAGEMENT

3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured'

ACCESS CONTROL

3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user'

ACCESS CONTROL

3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache'

ACCESS CONTROL

3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache'

ACCESS CONTROL

3.2 Ensure the Apache User Account Has an Invalid Shell

ACCESS CONTROL

3.3 Ensure the Apache User Account Is Locked

ACCESS CONTROL

3.4 Ensure Apache Directories and Files Are Owned By Root

CONFIGURATION MANAGEMENT

3.5 Ensure the Group Is Set Correctly on Apache Directories and Files

CONFIGURATION MANAGEMENT

3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted

CONFIGURATION MANAGEMENT

3.7 Ensure the Core Dump Directory Is Secured

CONFIGURATION MANAGEMENT

3.8 Ensure the Lock File Is Secured - 'LockFile directory'

CONFIGURATION MANAGEMENT

3.8 Ensure the Lock File Is Secured - 'LockFile permissions'

CONFIGURATION MANAGEMENT

3.9 Ensure the Pid File Is Secured

CONFIGURATION MANAGEMENT

3.9 Secure the Pid File - 'PidFile directory'

CONFIGURATION MANAGEMENT

3.10 Ensure the ScoreBoard File Is Secured

CONFIGURATION MANAGEMENT

3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted

CONFIGURATION MANAGEMENT

3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted

CONFIGURATION MANAGEMENT

4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Deny = from all'

ACCESS CONTROL

4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Allow directives exist'

ACCESS CONTROL

4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Deny directives exist'

ACCESS CONTROL

4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Require directives exist'

ACCESS CONTROL

4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Order = Deny,Allow'

ACCESS CONTROL

4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Require all denied'

ACCESS CONTROL

4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Allow is configured'

ACCESS CONTROL

4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Deny is configured'

ACCESS CONTROL

4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Order Deny,Allow'

ACCESS CONTROL

4.2 Ensure Appropriate Access to Web Content Is Allowed - 'No Order/Deny/Allow'

ACCESS CONTROL

4.2 Ensure Appropriate Access to Web Content Is Allowed - 'Require is configured'

ACCESS CONTROL

4.3 Ensure OverRide Is Disabled for the OS Root Directory

ACCESS CONTROL

4.4 Ensure OverRide Is Disabled for All Directories

CONFIGURATION MANAGEMENT

5.1 Ensure Options for the OS Root Directory Are Restricted

ACCESS CONTROL

5.2 Ensure Options for the Web Root Directory Are Restricted

CONFIGURATION MANAGEMENT

5.3 Ensure Options for Other Directories Are Minimized

CONFIGURATION MANAGEMENT

5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed'

CONFIGURATION MANAGEMENT

5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'

CONFIGURATION MANAGEMENT

5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'

CONFIGURATION MANAGEMENT

5.5 Ensure the Default CGI Content printenv Script Is Removed

CONFIGURATION MANAGEMENT

5.6 Ensure the Default CGI Content test-cgi Script Is Removed

CONFIGURATION MANAGEMENT

5.7 Ensure HTTP Request Methods Are Restricted - 'httpd.conf Document Root LimitExcept = GET,POST or OPTIONS only'

CONFIGURATION MANAGEMENT