TNS IBM HTTP Server Best Practice

Audit Details

Name: TNS IBM HTTP Server Best Practice

Updated: 6/17/2024

Authority: IBM

Plugin: Unix

Revision: 1.17

Estimated Item Count: 47

File Details

Filename: TNS_IBM_HTTP_Server_Linux_Best_Practice.audit

Size: 63.1 kB

MD5: 27a36888bb4cc1e97294ceb2a8de6267
SHA256: d940a04098a5290e8123b930e7bed5c4f42ad8c877cfdd9c840b02c7b7fa0700

Audit Items

Description | Categories
Buffer overflow protection should be configured 'LimitRequestBody'

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestFields'

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestFieldsize'

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestline'

SYSTEM AND INFORMATION INTEGRITY

CGI-BIN directory should be disabled. 'Addmodule mod_cgi.c'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'AddModule mod_env.c'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'Directory'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'LoadModule cgi_module'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'LoadModule env_module'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'ScriptAlias'

CONFIGURATION MANAGEMENT

Configuration files should be secured against unauthorized access.

Directory access permissions should be restricted.

CONFIGURATION MANAGEMENT

Encryption protocols such as https should be used

SYSTEM AND COMMUNICATIONS PROTECTION

File permissions in the root document should only be accessible by administrator

HTTP TRACE method should be disabled. 'RewriteCond'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'RewriteEngine'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'RewriteLog'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'RewriteLogLevel'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'RewriteRule'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'TraceEnable'

CONFIGURATION MANAGEMENT

IBM HTTP Server is installed and running on the system

Keep Alive setting parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

Keep Alive Timeout setting value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

Latest Patches/Fixes should be installed

SYSTEM AND INFORMATION INTEGRITY

Limit HTTP methods allowed by the Web Server.

CONFIGURATION MANAGEMENT

Logging Directives should be restricted to authorized users. - 'CustomLog logs/access_log combined'

AUDIT AND ACCOUNTABILITY

Logging Directives should be restricted to authorized users. - 'ErrorLog logs/error_log'

AUDIT AND ACCOUNTABILITY

Logging Directives should be restricted to authorized users. - 'LogFormat'

AUDIT AND ACCOUNTABILITY

Logging Directives should be restricted to authorized users. - 'LogLevel notice'

AUDIT AND ACCOUNTABILITY

Logs containing auditing information should be secured at the directory level.

AUDIT AND ACCOUNTABILITY

MaxClients parameter value should be configured to appropriate value.

SYSTEM AND COMMUNICATIONS PROTECTION

MaxKeepAliveRequests parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

MaxSpareServers parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

MinSpareServers parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

Non-Essential modules should be disabled. 'mod_autoindex'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_dav'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_include'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_info'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_status'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_userdir'

CONFIGURATION MANAGEMENT

Server version information parameters should be turned off - 'ServerSignature Off'

SYSTEM AND COMMUNICATIONS PROTECTION

Server version information parameters should be turned off - 'ServerTokens Prod'

SYSTEM AND COMMUNICATIONS PROTECTION

StartServers parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

Timeout value parameter value should be appropriately configured

ACCESS CONTROL

User IDs which disclose the privileges associated with them should not be created. 'lock'

ACCESS CONTROL

User IDs which disclose the privileges associated with them should not be created. 'nologin'

ACCESS CONTROL