CIS Apache HTTP Server 2.2 L2 v3.5.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Apache HTTP Server 2.2 L2 v3.5.0

Updated: 7/29/2019

Authority: CIS

Plugin: Unix

Revision: 1.3

Estimated Item Count: 38

File Details

Filename: CIS_Apache_HTTP_Server_2.2_Benchmark_v3.5.0_Level_2.audit

Size: 135 kB

MD5: b65886ac37ac6980f43583ffaf30db7e
SHA256: d9126eeded386f87b892cc58888b9f0b386e227a44a782c4ed2da939ceb2a223

Audit Items

Description | Categories
1.2 Ensure the Server Is Not a Multi-Use System

CONFIGURATION MANAGEMENT

5.11 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf approved extention FileMatch directive exists'

CONFIGURATION MANAGEMENT

5.11 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf FileMatch directive configuration'

ACCESS CONTROL

5.11 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf FileMatch directive Require all denied'

CONFIGURATION MANAGEMENT

5.12 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteCond %{HTTP_HOST} exists'

SYSTEM AND COMMUNICATIONS PROTECTION

5.12 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteCond %{REQUEST_URI} exists'

SYSTEM AND COMMUNICATIONS PROTECTION

5.12 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteEngine = on'

SYSTEM AND COMMUNICATIONS PROTECTION

5.12 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteRule ^.(.*) - [L,F] exists'

SYSTEM AND COMMUNICATIONS PROTECTION

5.12 Ensure IP Address Based Requests Are Disallowed - Rewrite module not loaded

CONFIGURATION MANAGEMENT

5.13 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen [::ffff:0.0.0.0]:80 does not exists'

CONFIGURATION MANAGEMENT

5.13 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen 0.0.0.0:80 does not exists'

CONFIGURATION MANAGEMENT

5.13 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen 80 does not exists'

CONFIGURATION MANAGEMENT

5.14 Ensure Browser Framing Is Restricted

CONFIGURATION MANAGEMENT

6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf <VirtualHost> Syslog is configured'

AUDIT AND ACCOUNTABILITY

6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'httpd.conf Syslog is configured'

AUDIT AND ACCOUNTABILITY

6.6 Ensure ModSecurity Is Installed and Enabled

SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules

CONFIGURATION MANAGEMENT

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold

CONFIGURATION MANAGEMENT

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold

CONFIGURATION MANAGEMENT

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level

CONFIGURATION MANAGEMENT

7.9 Ensure the TLS v1.0 Protocol Is Disabled

SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure HTTP Strict Transport Security Is Enabled - 'httpd.conf Strict-Transport-Security 'max-age=480'

SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure HTTP Strict Transport Security Is Enabled - 'httpd.conf Strict-Transport-Security configuration'

SYSTEM AND COMMUNICATIONS PROTECTION

8.3 Ensure ETag Response Header Fields Do Not Include Inodes

CONFIGURATION MANAGEMENT

8.4 Ensure All Default Apache Content Is Removed - 'httpd.conf Alias /icons/ /var/www/icons/ does not exists'

SYSTEM AND COMMUNICATIONS PROTECTION

8.4 Ensure All Default Apache Content Is Removed - 'httpd.conf Include conf/extra/httpd-autoindex.conf does not exists'

SYSTEM AND COMMUNICATIONS PROTECTION

10.1 Ensure the Maximum Request Line Length Is Set Properly

CONFIGURATION MANAGEMENT

10.2 Ensure the Maximum Request Headers Per Request Is Set Properly

CONFIGURATION MANAGEMENT

10.3 Ensure the Maximum Request Header Field Size Is Set Properly

CONFIGURATION MANAGEMENT

10.4 Ensure the Maximum Request Body Size Is Set Properly

CONFIGURATION MANAGEMENT

11.1 Ensure SELinux Is Enabled in Enforcing Mode

ACCESS CONTROL

11.2 Ensure Apache Processes Run in the httpd_t Confined Context

ACCESS CONTROL

11.3 Ensure the httpd_t Type Is Not in Permissive Mode

ACCESS CONTROL

11.4 Ensure Only the Necessary SELinux Booleans Are Enabled

ACCESS CONTROL

12.1 Ensure the AppArmor Framework Is Enabled

ACCESS CONTROL

12.2 Ensure the Apache AppArmor Profile Is Configured Properly
12.3 Ensure the Apache AppArmor Profile Is in Enforce Mode

ACCESS CONTROL

CIS_Apache_HTTP_Server_2.2_Benchmark_v3.5.0_Level_2.audit from CIS Apache HTTP Server 2.2 Benchmark v3.5.0