Detections
Analytics

CIS Apache HTTP Server 2.4 L2 v1.5.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apache HTTP Server 2.4 L2 v1.5.0

Updated: 2/3/2021

Authority: CIS

Plugin: Unix

Revision: 1.8

Estimated Item Count: 124

Audit Changelog

 
Revision 1.8

Feb 3, 2021

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
Revision 1.7

Oct 5, 2020

Functional Update
  • 1.3 Ensure Apache Is Installed From the Appropriate Binaries
  • 11.1 Ensure SELinux Is Enabled in Enforcing Mode
  • 11.2 Ensure Apache Processes Run in the httpd_t Confined Context - apachectl
  • 11.2 Ensure Apache Processes Run in the httpd_t Confined Context - httpd
  • 11.3 Ensure the httpd_t Type is Not in Permissive Mode
  • 11.4 Ensure Only the Necessary SELinux Booleans are Enabled
  • 12.1 Ensure the AppArmor Framework Is Enabled
  • 12.2 Ensure the Apache AppArmor Profile Is Configured Properly
  • 12.3 Ensure Apache AppArmor Profile is in Enforce Mode
  • 3.10 Ensure the ScoreBoard File Is Secured
  • 3.7 Ensure the Core Dump Directory Is Secured
  • 3.8 Ensure the Lock File Is Secured - 'LockFile directory'
  • 3.8 Ensure the Lock File Is Secured - 'LockFile on local hard drive'
  • 3.8 Ensure the Lock File Is Secured - 'LockFile permissions'
  • 5.11 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf FileMatch directive'
  • 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteCond configuration'
  • 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules
  • 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold
  • 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold
  • 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level
Miscellaneous
  • Platform check updated.
Revision 1.6

Sep 29, 2020

Miscellaneous
  • References updated.
Revision 1.5

Jul 14, 2020

Miscellaneous
  • Metadata updated.
Revision 1.4

Apr 17, 2020

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.3

Oct 29, 2019

Functional Update
  • 11.1 Ensure SELinux Is Enabled in Enforcing Mode
Revision 1.2

Oct 14, 2019

Functional Update
  • 5.14 Ensure Browser Framing Is Restricted
Revision 1.1

Aug 26, 2019

Functional Update
  • 6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf CustomLog is configured'
  • 6.3 Ensure the Server Access Log Is Configured Correctly - 'httpd.conf LogFormat is configured'
Miscellaneous
  • Variables updated.
Added
  • 11.2 Ensure Apache Processes Run in the httpd_t Confined Context - apachectl
  • 11.2 Ensure Apache Processes Run in the httpd_t Confined Context - httpd
Removed
  • 11.2 Ensure Apache Processes Run in the httpd_t Confined Context