CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware

Audit Details

Name: CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware

Updated: 4/12/2023

Authority: CIS

Plugin: Unix

Revision: 1.8

Estimated Item Count: 91

File Details

Filename: CIS_Apache_HTTP_Server_2.2_Benchmark_v3.6.0_Level_1_Middleware.audit

Size: 287 kB

MD5: d527cf055b70565c951d274324bead08

SHA256: 6c1680e99f77811fe5a18f37d45985722205165b05a4ed13aad335206fb080d8

Audit Items

Description	Categories
1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented
1.2 Ensure the Server Is Not a Multi-Use System	SYSTEM AND COMMUNICATIONS PROTECTION
1.3 Ensure Apache Is Installed From the Appropriate Binaries	CONFIGURATION MANAGEMENT
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled	CONFIGURATION MANAGEMENT
2.2 Ensure the Log Config Module Is Enabled	AUDIT AND ACCOUNTABILITY
2.3 Ensure the WebDAV Modules Are Disabled	SYSTEM AND INFORMATION INTEGRITY
2.4 Ensure the Status Module Is Disabled	SYSTEM AND INFORMATION INTEGRITY
2.5 Ensure the Autoindex Module Is Disabled	CONFIGURATION MANAGEMENT
2.6 Ensure the Proxy Modules Are Disabled	SYSTEM AND INFORMATION INTEGRITY
2.7 Ensure the User Directories Module Is Disabled	CONFIGURATION MANAGEMENT
2.8 Ensure the Info Module Is Disabled	SYSTEM AND INFORMATION INTEGRITY
2.9 Ensure the Basic and Digest Authentication Modules are Disabled	SYSTEM AND INFORMATION INTEGRITY
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured'	ACCESS CONTROL
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache'	ACCESS CONTROL
3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf User = apache'	ACCESS CONTROL
3.2 Ensure the Apache User Account Has an Invalid Shell	ACCESS CONTROL
3.3 Ensure the Apache User Account Is Locked	ACCESS CONTROL
3.4 Ensure Apache Directories and Files Are Owned By Root	ACCESS CONTROL
3.5 Ensure the Group Is Set Correctly on Apache Directories and Files	ACCESS CONTROL
3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted	ACCESS CONTROL
3.7 Ensure the Core Dump Directory Is Secured
3.8 Ensure the Lock File Is Secured - 'LockFile directory'	ACCESS CONTROL
3.8 Ensure the Lock File Is Secured - 'LockFile permissions'	ACCESS CONTROL
3.9 Ensure the Pid File Is Secured	ACCESS CONTROL
3.9 Secure the Pid File - 'PidFile directory'	ACCESS CONTROL
3.10 Ensure the ScoreBoard File Is Secured	CONFIGURATION MANAGEMENT
3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted	ACCESS CONTROL
3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted	ACCESS CONTROL
3.13 Ensure Access to Special Purpose Application Writable Directories is Properly Restricted	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Deny = from all	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Allow directives exist'	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Deny directives exist'	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Require directives exist'	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Order = Deny,Allow	ACCESS CONTROL
4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf Require all denied	ACCESS CONTROL
4.2 Ensure Appropriate Access to Web Content Is Allowed - 'httpd.conf Order Deny,Allow'	ACCESS CONTROL
4.3 Ensure OverRide Is Disabled for the OS Root Directory	ACCESS CONTROL
4.4 Ensure OverRide Is Disabled for All Directories	ACCESS CONTROL
5.1 Ensure Options for the OS Root Directory Are Restricted	SYSTEM AND INFORMATION INTEGRITY
5.2 Ensure Options for the Web Root Directory Are Restricted	CONFIGURATION MANAGEMENT
5.3 Ensure Options for Other Directories Are Minimized	CONFIGURATION MANAGEMENT
5.4 Ensure Default HTML Content Is Removed - 'httpd-manual is not installed'	CONFIGURATION MANAGEMENT
5.4 Ensure Default HTML Content Is Removed - 'other handler does not exist'	CONFIGURATION MANAGEMENT
5.4 Ensure Default HTML Content Is Removed - 'Server Information handler does not exist'	CONFIGURATION MANAGEMENT
5.4 Ensure Default HTML Content Is Removed - 'Server Status handler does not exist'	CONFIGURATION MANAGEMENT
5.5 Ensure the Default CGI Content printenv Script Is Removed	ACCESS CONTROL
5.6 Ensure the Default CGI Content test-cgi Script Is Removed	ACCESS CONTROL
5.7 Ensure HTTP Request Methods Are Restricted - 'httpd.conf Document Root LimitExcept = GET,POST or OPTIONS only'	SYSTEM AND INFORMATION INTEGRITY
5.7 Ensure HTTP Request Methods Are Restricted - 'httpd.conf Document Root Order = Deny,Allow'	SYSTEM AND INFORMATION INTEGRITY
5.7 Ensure HTTP Request Methods Are Restricted - 'No Deny/Allow'	SYSTEM AND INFORMATION INTEGRITY

Detections

Analytics

CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware

Audit Details

File Details

Audit Items