5.13 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf approved extention FileMatch directive exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.13 Ensure Access to Inappropriate File Extensions Is Restricted - 'httpd.conf FileMatch directive' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.14 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteCond %{HTTP_HOST} exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.14 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteCond %{REQUEST_URI} exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.14 Ensure IP Address Based Requests Are Disallowed - 'httpd.conf RewriteEngine = on' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.14 Ensure IP Address Based Requests Are Disallowed - [L,F] exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.15 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen [::ffff:0.0.0.0]:80 does not exists' | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
5.15 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen 0.0.0.0:80 does not exists' | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
5.16 Ensure Browser Framing Is Restricted | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.17 Ensure HTTP Header Referrer-Policy is set appropriately | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
5.18 Ensure HTTP Header Permissions-Policy is set appropriately | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'Main' | AUDIT AND ACCOUNTABILITY |
6.2 Ensure a Syslog Facility Is Configured for Error Logging - 'VirtualHost' | AUDIT AND ACCOUNTABILITY |
6.6 Ensure ModSecurity Is Installed and Enabled | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.10 Ensure OCSP Stapling Is Enabled - SSLStaplingCache | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.10 Ensure OCSP Stapling Is Enabled - SSLUseStapling | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.11 Ensure HTTP Strict Transport Security Is Enabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.12 Ensure Only Cipher Suites That Provide Forward Secrecy Are Enabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Alias /icons/ /var/www/icons/ does not exist' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
8.3 Ensure All Default Apache Content Is Removed - 'httpd.conf Include conf/extra/httpd-autoindex.conf does not exists' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
8.4 Ensure ETag Response Header Fields Do Not Include Inodes | SYSTEM AND INFORMATION INTEGRITY |
10.1 Ensure the LimitRequestLine directive is Set to 512 or less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
11.1 Ensure SELinux Is Enabled in Enforcing Mode - config | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
11.1 Ensure SELinux Is Enabled in Enforcing Mode - current | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
11.2 Ensure Apache Processes Run in the httpd_t Confined Context - apachectl | ACCESS CONTROL, MEDIA PROTECTION |
11.2 Ensure Apache Processes Run in the httpd_t Confined Context - httpd | ACCESS CONTROL, MEDIA PROTECTION |
11.3 Ensure the httpd_t Type is Not in Permissive Mode | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
11.4 Ensure Only the Necessary SELinux Booleans are Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
12.1 Ensure the AppArmor Framework Is Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
12.2 Ensure the Apache AppArmor Profile Is Configured Properly | CONFIGURATION MANAGEMENT |
12.3 Ensure Apache AppArmor Profile is in Enforce Mode | CONFIGURATION MANAGEMENT |
CIS_Apache_HTTP_Server_2.4_Benchmark_v2.1.0.audit from CIS Apache HTTP Server 2.4 Benchark v2.1.0 | |