6.5 Ensure Applicable Patches Are Applied

Information

Apply Apache patches within one month of availability.

Rationale:

Obviously knowing about newly discovered vulnerabilities is only part of the solution; there needs to be a process in place where patches are tested and installed. These patches fix diverse problems, including security issues. It is recommended to use the Apache packages and updates provided by your Linux platform vendor rather than building from source whenever possible in order to minimize the disruption and the work of keeping the software up-to-date.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Update to the latest Apache release available according to either of the following:

1. When building from source:

* Read release notes and related security patch information.

* Download latest source and any dependent modules such as mod_security.

* Build new Apache software according to your build process with the same configuration options.

* Install and test the new software according to your organization's testing process.

* Move to production according to your organization's deployment process.

2. When using platform packages:

* Read release notes and related security patch information.

* Download and install latest available Apache package and any dependent software.

* Test the new software according to your organization's testing process.

* Move to production according to your organization's deployment process.

See Also

https://workbench.cisecurity.org/files/2378

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-13, CSCv6|4, CSCv7|18.4

Plugin: Unix

Control ID: 716743089b1ae3ae16f666e5ceac1268bc07e562e024d2d601112acdec65f72a