Feb 3, 2021 Functional Update- 2.2 Ensure the Log Config Module Is Enabled
Miscellaneous- Audit deprecated.
- Metadata updated.
|
Oct 5, 2020 Functional Update- 1.3 Ensure Apache Is Installed From the Appropriate Binaries
- 2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'Loaded auth._* modules'
- 2.2 Ensure the Log Config Module Is Enabled
- 2.3 Ensure the WebDAV Modules Are Disabled
- 2.4 Ensure the Status Module Is Disabled
- 2.5 Ensure the Autoindex Module Is Disabled
- 2.6 Ensure the Proxy Modules Are Disabled
- 2.8 Ensure the Info Module Is Disabled
- 2.9 Ensure the Basic and Digest Authentication Modules are Disabled - auth_basic_module
- 2.9 Ensure the Basic and Digest Authentication Modules are Disabled - auth_digest_module
- 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured'
- 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user'
- 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache'
- 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache'
- 3.10 Ensure the ScoreBoard File Is Secured
- 3.2 Ensure the Apache User Account Has an Invalid Shell
- 3.3 Ensure the Apache User Account Is Locked
- 3.7 Ensure the Core Dump Directory Is Secured
- 3.8 Ensure the Lock File Is Secured - 'LockFile directory'
- 3.8 Ensure the Lock File Is Secured - 'LockFile on local hard drive'
- 3.8 Ensure the Lock File Is Secured - 'LockFile permissions'
- 3.9 Ensure the Pid File Is Secured - 'PidFile directory'
- 4.1 Ensure Access to OS Root Directory Is Denied By Default
- 4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Require all denied'
- 4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Allow directives exist'
- 4.2 Ensure Appropriate Access to Web Content Is Allowed
- 4.3 Ensure OverRide Is Disabled for the OS Root Directory - AllowOverride None
- 4.3 Ensure OverRide Is Disabled for the OS Root Directory - exclude AllowOverrideList
- 5.1 Ensure Options for the OS Root Directory Are Restricted
- 5.10 Ensure Access to .ht* Files Is Restricted
- 5.2 Ensure Options for the Web Root Directory Are Restricted
- 5.3 Ensure Options for Other Directories Are Minimized
- 5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'
- 5.4 Ensure Default HTML Content Is Removed - 'Server Status handler does not exist'
- 5.7 Ensure HTTP Request Methods Are Restricted
- 5.8 Ensure the HTTP TRACE Method Is Disabled
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteRule configuration'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf <VirtualHost> RewriteEngine = on'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf <VirtualHost> RewriteOptions = inherit'
- 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'ErrorLog 'logs/error_log'
- 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf <VirtualHost> ErrorLog is configured'
- 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - 'httpd.conf LogLevel = notice info or debug'
- 6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf CustomLog is configured'
- 6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf LogFormat is configured'
- 6.5 Ensure Applicable Patches Are Applied
- 7.1 Ensure mod_ssl and/or mod_nss Is Installed - 'mod_ssl is loaded'
- 7.6 Ensure Insecure SSL Renegotiation Is Not Enabled
- 7.7 Ensure SSL Compression is not Enabled
- 7.8 Ensure Medium Strength SSL/TLS Ciphers Are Disabled
- 7.9 Ensure All Web Content is Accessed via HTTPS
- 9.1 Ensure the TimeOut Is Set to 10 or Less
- 9.2 Ensure KeepAlive Is Enabled
- 9.3 Ensure MaxKeepAliveRequests is Set to a Value of 100 or Greater
- 9.4 Ensure KeepAliveTimeout is Set to a Value of 15 or Less
Informational Update- 2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'Loaded auth._* modules'
- 2.6 Ensure the Proxy Modules Are Disabled
- 5.10 Ensure Access to .ht* Files Is Restricted
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteRule configuration'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf <VirtualHost> RewriteEngine = on'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf <VirtualHost> RewriteOptions = inherit'
- 6.5 Ensure Applicable Patches Are Applied
- 7.7 Ensure SSL Compression is not Enabled
Miscellaneous- Platform check updated.
- References updated.
- Variables updated.
Added- 4.4 Ensure OverRide Is Disabled for All Directories - AllowOverride
- 4.4 Ensure OverRide Is Disabled for All Directories - AllowOverrideList
- 5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteEngine on'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf RewriteCond = %{THE_REQUEST} !HTTP/1\.1$'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - Rewrite module not loaded
- 7.4 Ensure Weak SSL Protocols Are Disabled - 'SSLv2 or SSLv3'
- 7.4 Ensure Weak SSL Protocols Are Disabled - 'TLSv1'
- 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'Global SSLCipherSuite'
- 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'Global SSLHonorCipherOrder = On'
- 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'VirtualHost SSLCipherSuite'
- 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'VirtualHost SSLHonorCipherOrder = On'
- 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly'
- 8.2 Ensure ServerSignature Is Not Enabled
- 9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less - RequestReadTimeout
- 9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less - mod_reqtimeout
- 9.6 Ensure Timeout Limits for the Request Body Are Set Properly - RequestReadTimeout
- 9.6 Ensure Timeout Limits for the Request Body Are Set Properly - mod_reqtimeout
Removed- 4.4 Ensure OverRide Is Disabled for All Directories
- 5.4 Ensure Default HTML Content Is Removed - 'perl-status handler does not exist'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteCond configuration'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteEngine configured'
- 7.1 Ensure mod_ssl and/or mod_nss Is Installed - 'mod_nss is loaded'
- 7.4 Ensure Weak SSL Protocols Are Disabled
- 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'httpd.conf SSLCipherSuite'
- 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'httpd.conf SSLHonorCipherOrder = On'
- 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'httpd.conf VirtualHost SSLHonorCipherOrder = On'
- 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' - Prod
- 8.2 Ensure ServerSignature Is Not Enabled - Off
- 9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less
- 9.6 Ensure Timeout Limits for the Request Body is Set to 20 or Less
|
Sep 29, 2020 |
Jul 14, 2020 |
Apr 17, 2020 Miscellaneous- Metadata updated.
- References updated.
|
Nov 18, 2019 Functional Update- 5.10 Ensure Access to .ht* Files Is Restricted
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteCond configuration'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf <VirtualHost> RewriteEngine = on'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'httpd.conf <VirtualHost> RewriteOptions = inherit'
- 6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf CustomLog is configured'
|
Aug 26, 2019 Functional Update- 6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf CustomLog is configured'
- 6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf LogFormat is configured'
|
