CIS Apache HTTP Server 2.4 L1 v2.1.0

Audit Details

Name: CIS Apache HTTP Server 2.4 L1 v2.1.0

Updated: 10/25/2024

Authority: CIS

Plugin: Unix

Revision: 1.3

Estimated Item Count: 91

File Details

Filename: CIS_Apache_HTTP_Server_2.4_Benchmark_v2.1.0_Level_1.audit

Size: 324 kB

MD5: 3b651732681d7d2ba1065c42bed53e93
SHA256: 4717329ba36080559dc9e9bf2c51766a59f728b691761ff20467f2e982b19620

Audit Items

DescriptionCategories
1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

1.2 Ensure the Server Is Not a Multi-Use System

CONFIGURATION MANAGEMENT

1.3 Ensure Apache Is Installed From the Appropriate Binaries

CONFIGURATION MANAGEMENT

2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled

CONFIGURATION MANAGEMENT

2.2 Ensure the Log Config Module Is Enabled

AUDIT AND ACCOUNTABILITY

2.3 Ensure the WebDAV Modules Are Disabled

CONFIGURATION MANAGEMENT

2.4 Ensure the Status Module Is Disabled

CONFIGURATION MANAGEMENT

2.5 Ensure the Autoindex Module Is Disabled

CONFIGURATION MANAGEMENT

2.6 Ensure the Proxy Modules Are Disabled if not in use

CONFIGURATION MANAGEMENT

2.7 Ensure the User Directories Module Is Disabled

CONFIGURATION MANAGEMENT

2.8 Ensure the Info Module Is Disabled

CONFIGURATION MANAGEMENT

2.9 Ensure the Basic and Digest Authentication Modules are Disabled - auth_basic_module

CONFIGURATION MANAGEMENT

2.9 Ensure the Basic and Digest Authentication Modules are Disabled - auth_digest_module

CONFIGURATION MANAGEMENT

3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.2 Ensure the Apache User Account Has an Invalid Shell

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

3.3 Ensure the Apache User Account Is Locked

ACCESS CONTROL

3.4 Ensure Apache Directories and Files Are Owned By Root

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

3.5 Ensure the Group Is Set Correctly on Apache Directories and Files

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted

ACCESS CONTROL, MEDIA PROTECTION

3.7 Ensure the Core Dump Directory Is Secured

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure the Lock File Is Secured - 'LockFile directory'

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure the Lock File Is Secured - 'LockFile on local hard drive'

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure the Lock File Is Secured - 'LockFile permissions'

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure the Pid File Is Secured - 'PidFile directory'

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure the Pid File Is Secured - 'PidFile permissions'

ACCESS CONTROL, MEDIA PROTECTION

3.10 Ensure the ScoreBoard File Is Secured

ACCESS CONTROL, MEDIA PROTECTION

3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted

ACCESS CONTROL, MEDIA PROTECTION

3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted

ACCESS CONTROL, MEDIA PROTECTION

3.13 Ensure Access to Special Purpose Application Writable Directories is Properly Restricted

ACCESS CONTROL, MEDIA PROTECTION

4.1 Ensure Access to OS Root Directory Is Denied By Default

ACCESS CONTROL, MEDIA PROTECTION

4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Allow directives exist'

ACCESS CONTROL, MEDIA PROTECTION

4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Require all denied'

ACCESS CONTROL, MEDIA PROTECTION

4.2 Ensure Appropriate Access to Web Content Is Allowed

ACCESS CONTROL, MEDIA PROTECTION

4.3 Ensure OverRide Is Disabled for the OS Root Directory - AllowOverride None

ACCESS CONTROL, MEDIA PROTECTION

4.3 Ensure OverRide Is Disabled for the OS Root Directory - exclude AllowOverrideList

ACCESS CONTROL, MEDIA PROTECTION

4.4 Ensure OverRide Is Disabled for All Directories - AllowOverride

ACCESS CONTROL, MEDIA PROTECTION

4.4 Ensure OverRide Is Disabled for All Directories - AllowOverrideList

ACCESS CONTROL, MEDIA PROTECTION

5.1 Ensure Options for the OS Root Directory Are Restricted

ACCESS CONTROL

5.2 Ensure Options for the Web Root Directory Are Restricted

ACCESS CONTROL

5.3 Ensure Options for Other Directories Are Minimized

ACCESS CONTROL

5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.4 Ensure Default HTML Content Is Removed - 'Server Status handler does not exist'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.5 Ensure the Default CGI Content printenv Script Is Removed

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.6 Ensure the Default CGI Content test-cgi Script Is Removed

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.7 Ensure HTTP Request Methods Are Restricted

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION