2.2.9 Ensure HTTP server is not installed

Information

HTTP or web servers provide the ability to host web site content.

Rationale:

Unless there is a need to run the system as a web server, it is recommended that the package be removed to reduce the potential attack surface.

Notes:

Several http servers exist. apache, apache2, lighttpd, and nginx are example packages that provide an HTTP server.

These and other packages should also be audited, and removed if not required.

Solution

Run the following command to remove httpd:

# yum remove httpd

See Also

https://workbench.cisecurity.org/files/3144

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 63ca1f0ab9e76e492f9afc40649e08e7589302103e7709827a297522c71faa7b