1.2 Ensure the Server Is Not a Multi-Use System

Information

A web server should function as only a web server, and it possible should not be mixed with other primary functions such as email, DNS, databases, or middleware. The number of services and daemons executing on the server should be limited to those necessary.

Rationale:

Default server configurations often expose a wide variety of services. The more services exposed to an attacker, the more potential vectors an attacker has to exploit the server and therefore the higher the risk for the server. Just because a server can perform many services doesn't mean it is wise to do so. Maintaining a server for a single purpose increases the security of your application and system.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Leverage the package or services manager for your OS to uninstall or disable all unneeded services. On Red Hat systems, the following will disable a given service:

chkconfig <servicename> off

See Also

https://workbench.cisecurity.org/files/2378

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-3, CSCv6|9.5, CSCv7|2.10

Plugin: Unix

Control ID: fa46b3f96a599d03b200a9004e2e6d9f39fe23dafe097149d85e44fe85aa7c03