2.2.9 Ensure HTTP server is not enabled

Information

HTTP or web servers provide the ability to host web site content.
Rationale:
Unless there is a need to run the system as a web server, it is recommended that the package be deleted to reduce the potential attack surface.

Solution

Run the following command to disable httpd :
# systemctl --now disable httpd
Notes:
Additional methods of disabling a service exist. Consult your distribution documentation for appropriate methods.
Several httpd servers exist and can use other service names. apache, apache2, lighttpd, and nginx are example services that provide an HTTP server. These and other services should also be audited.

See Also

https://workbench.cisecurity.org/files/2485