Detections
Analytics

CIS Apache HTTP Server 2.4 L1 v1.5.0 Middleware

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apache HTTP Server 2.4 L1 v1.5.0 Middleware

Updated: 2/3/2021

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 85

Audit Items

DescriptionCategories
1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented
1.2 Ensure the Server Is Not a Multi-Use System

CONFIGURATION MANAGEMENT

1.3 Ensure Apache Is Installed From the Appropriate Binaries
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled
2.2 Ensure the Log Config Module Is Enabled

AUDIT AND ACCOUNTABILITY

2.3 Ensure the WebDAV Modules Are Disabled

CONFIGURATION MANAGEMENT

2.4 Ensure the Status Module Is Disabled

CONFIGURATION MANAGEMENT

2.5 Ensure the Autoindex Module Is Disabled

CONFIGURATION MANAGEMENT

2.6 Ensure the Proxy Modules Are Disabled

CONFIGURATION MANAGEMENT

2.7 Ensure the User Directories Module Is Disabled

CONFIGURATION MANAGEMENT

2.8 Ensure the Info Module Is Disabled

CONFIGURATION MANAGEMENT

2.9 Ensure the Basic and Digest Authentication Modules are Disabled
3.1 Ensure the Apache Web Server Runs As a Non-Root User - Group
3.1 Ensure the Apache Web Server Runs As a Non-Root User - id

ACCESS CONTROL

3.1 Ensure the Apache Web Server Runs As a Non-Root User - User
3.2 Ensure the Apache User Account Has an Invalid Shell
3.3 Ensure the Apache User Account Is Locked

ACCESS CONTROL

3.4 Ensure Apache Directories and Files Are Owned By Root

CONFIGURATION MANAGEMENT

3.5 Ensure the Group Is Set Correctly on Apache Directories and Files

CONFIGURATION MANAGEMENT

3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted

CONFIGURATION MANAGEMENT

3.7 Ensure the Core Dump Directory Is Secured

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.8 Secure the Lock File - configured
3.8 Secure the Lock File - permissions
3.9 Ensure the Pid File Is Secured - 'PidFile directory'
3.10 Ensure the ScoreBoard File Is Secured

CONFIGURATION MANAGEMENT

3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted

CONFIGURATION MANAGEMENT

3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted

CONFIGURATION MANAGEMENT

3.13 Ensure Access to Special Purpose Application Writable Directories is Properly Restricted
4.1 Ensure Access to OS Root Directory Is Denied By Default - allow
4.1 Ensure Access to OS Root Directory Is Denied By Default - deny
4.2 Ensure Appropriate Access to Web Content Is Allowed
4.3 Ensure OverRide Is Disabled for the OS Root Directory - AllowOverride None
4.3 Ensure OverRide Is Disabled for the OS Root Directory - exclude AllowOverrideList
4.4 Ensure OverRide Is Disabled for All Directories - AllowOverride

CONFIGURATION MANAGEMENT

4.4 Ensure OverRide Is Disabled for All Directories - AllowOverrideList
5.1 Ensure Options for the OS Root Directory Are Restricted
5.2 Ensure Options for the Web Root Directory Are Restricted
5.3 Ensure Options for Other Directories Are Minimized
5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed'

CONFIGURATION MANAGEMENT

5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'
5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'
5.4 Ensure Default HTML Content Is Removed - 'Server Status handler does not exist'
5.5 Ensure the Default CGI Content printenv Script Is Removed

CONFIGURATION MANAGEMENT

5.6 Ensure the Default CGI Content test-cgi Script Is Removed

CONFIGURATION MANAGEMENT

5.7 Ensure HTTP Request Methods Are Restricted - allow
5.7 Ensure HTTP Request Methods Are Restricted - deny
5.8 Ensure the HTTP TRACE Method Is Disabled
5.9 Ensure Old HTTP Protocol Versions Are Disallowed - rewrite_module
5.9 Ensure Old HTTP Protocol Versions Are Disallowed - RewriteCond

CONFIGURATION MANAGEMENT

5.9 Ensure Old HTTP Protocol Versions Are Disallowed - RewriteEngine