1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
1.2 Ensure the Server Is Not a Multi-Use System | CONFIGURATION MANAGEMENT |
1.3 Ensure Apache Is Installed From the Appropriate Binaries | CONFIGURATION MANAGEMENT |
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled | CONFIGURATION MANAGEMENT |
2.2 Ensure the Log Config Module Is Enabled | AUDIT AND ACCOUNTABILITY |
2.3 Ensure the WebDAV Modules Are Disabled | CONFIGURATION MANAGEMENT |
2.4 Ensure the Status Module Is Disabled | CONFIGURATION MANAGEMENT |
2.5 Ensure the Autoindex Module Is Disabled | CONFIGURATION MANAGEMENT |
2.6 Ensure the Proxy Modules Are Disabled if not in use | CONFIGURATION MANAGEMENT |
2.7 Ensure the User Directories Module Is Disabled | CONFIGURATION MANAGEMENT |
2.8 Ensure the Info Module Is Disabled | CONFIGURATION MANAGEMENT |
2.9 Ensure the Basic and Digest Authentication Modules are Disabled - auth_basic_module | CONFIGURATION MANAGEMENT |
2.9 Ensure the Basic and Digest Authentication Modules are Disabled - auth_digest_module | CONFIGURATION MANAGEMENT |
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache' | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
3.2 Ensure the Apache User Account Has an Invalid Shell | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
3.3 Ensure the Apache User Account Is Locked | ACCESS CONTROL |
3.4 Ensure Apache Directories and Files Are Owned By Root | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
3.5 Ensure the Group Is Set Correctly on Apache Directories and Files | ACCESS CONTROL, MEDIA PROTECTION |
3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted | ACCESS CONTROL, MEDIA PROTECTION |
3.7 Ensure the Core Dump Directory Is Secured | ACCESS CONTROL, MEDIA PROTECTION |
3.8 Ensure the Lock File Is Secured - 'LockFile directory' | ACCESS CONTROL, MEDIA PROTECTION |
3.8 Ensure the Lock File Is Secured - 'LockFile on local hard drive' | ACCESS CONTROL, MEDIA PROTECTION |
3.8 Ensure the Lock File Is Secured - 'LockFile permissions' | ACCESS CONTROL, MEDIA PROTECTION |
3.9 Ensure the Pid File Is Secured - 'PidFile directory' | ACCESS CONTROL, MEDIA PROTECTION |
3.9 Ensure the Pid File Is Secured - 'PidFile permissions' | ACCESS CONTROL, MEDIA PROTECTION |
3.10 Ensure the ScoreBoard File Is Secured | ACCESS CONTROL, MEDIA PROTECTION |
3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted | ACCESS CONTROL, MEDIA PROTECTION |
3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | ACCESS CONTROL, MEDIA PROTECTION |
3.13 Ensure Access to Special Purpose Application Writable Directories is Properly Restricted | ACCESS CONTROL, MEDIA PROTECTION |
4.1 Ensure Access to OS Root Directory Is Denied By Default | ACCESS CONTROL, MEDIA PROTECTION |
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Allow directives exist' | ACCESS CONTROL, MEDIA PROTECTION |
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Require all denied' | ACCESS CONTROL, MEDIA PROTECTION |
4.2 Ensure Appropriate Access to Web Content Is Allowed | ACCESS CONTROL, MEDIA PROTECTION |
4.3 Ensure OverRide Is Disabled for the OS Root Directory - AllowOverride None | ACCESS CONTROL, MEDIA PROTECTION |
4.3 Ensure OverRide Is Disabled for the OS Root Directory - exclude AllowOverrideList | ACCESS CONTROL, MEDIA PROTECTION |
4.4 Ensure OverRide Is Disabled for All Directories - AllowOverride | ACCESS CONTROL, MEDIA PROTECTION |
4.4 Ensure OverRide Is Disabled for All Directories - AllowOverrideList | ACCESS CONTROL, MEDIA PROTECTION |
5.1 Ensure Options for the OS Root Directory Are Restricted | ACCESS CONTROL |
5.2 Ensure Options for the Web Root Directory Are Restricted | ACCESS CONTROL |
5.3 Ensure Options for Other Directories Are Minimized | ACCESS CONTROL |
5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.4 Ensure Default HTML Content Is Removed - 'Server Status handler does not exist' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.5 Ensure the Default CGI Content printenv Script Is Removed | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.6 Ensure the Default CGI Content test-cgi Script Is Removed | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.7 Ensure HTTP Request Methods Are Restricted | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |