Revision 1.7Oct 5, 2020
Functional Update
- 1.3 Ensure Apache Is Installed From the Appropriate Binaries
- 11.1 Ensure SELinux Is Enabled in Enforcing Mode
- 11.2 Ensure Apache Processes Run in the httpd_t Confined Context - apachectl
- 11.2 Ensure Apache Processes Run in the httpd_t Confined Context - httpd
- 11.3 Ensure the httpd_t Type is Not in Permissive Mode
- 11.4 Ensure Only the Necessary SELinux Booleans are Enabled
- 12.1 Ensure the AppArmor Framework Is Enabled
- 12.2 Ensure the Apache AppArmor Profile Is Configured Properly
- 12.3 Ensure Apache AppArmor Profile is in Enforce Mode
- 3.10 Ensure the ScoreBoard File Is Secured
- 3.7 Ensure the Core Dump Directory Is Secured
- 3.8 Ensure the Lock File Is Secured - 'LockFile directory'
- 3.8 Ensure the Lock File Is Secured - 'LockFile on local hard drive'
- 3.8 Ensure the Lock File Is Secured - 'LockFile permissions'
- 5.11 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf FileMatch directive'
- 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - 'RewriteCond configuration'
- 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules
- 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold
- 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold
- 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level