CIS Apache HTTP Server 2.4 L1 v2.0.0 Middleware

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apache HTTP Server 2.4 L1 v2.0.0 Middleware

Updated: 9/13/2023

Authority: CIS

Plugin: Unix

Revision: 1.9

Estimated Item Count: 85

File Details

Filename: CIS_Apache_HTTP_Server_2.4_Benchmark_v2.0.0_Level_1_Middleware.audit

Size: 218 kB

MD5: 8edf6f428590415f836523e2333ddc32
SHA256: 5a56a77fc4d989882cd88fbf434639f57d5d7609268d22fff512b4faf41b7842

Audit Changelog

 
Revision 1.9

Sep 13, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.8

Apr 12, 2023

Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Revision 1.7

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.6

Jan 4, 2023

Miscellaneous
  • Metadata updated.
Revision 1.5

Aug 9, 2022

Functional Update
  • 2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled
  • 2.2 Ensure the Log Config Module Is Enabled
  • 2.3 Ensure the WebDAV Modules Are Disabled
  • 2.4 Ensure the Status Module Is Disabled
  • 2.5 Ensure the Autoindex Module Is Disabled
  • 2.6 Ensure the Proxy Modules Are Disabled
  • 2.7 Ensure the User Directories Module Is Disabled
  • 2.8 Ensure the Info Module Is Disabled
  • 2.9 Ensure the Basic and Digest Authentication Modules are Disabled
  • 3.1 Ensure the Apache Web Server Runs As a Non-Root User - Group
  • 3.1 Ensure the Apache Web Server Runs As a Non-Root User - User
  • 3.1 Ensure the Apache Web Server Runs As a Non-Root User - id
  • 3.10 Ensure the ScoreBoard File Is Secured
  • 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted
  • 3.2 Ensure the Apache User Account Has an Invalid Shell
  • 3.3 Ensure the Apache User Account Is Locked
  • 3.8 Ensure the Lock File Is Secured - configured
  • 3.8 Ensure the Lock File Is Secured - permissions
  • 3.9 Ensure the Pid File Is Secured - 'PidFile directory'
  • 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - rewrite_module
  • 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - ErrorLog
  • 6.5 Ensure Applicable Patches Are Applied
  • 7.1 Ensure mod_ssl and/or mod_nss Is Installed
  • 9.5 Ensure the Timeout Limits for Request Headers is Set to 40 or Less - mod_reqtimeout
  • 9.6 Ensure Timeout Limits for the Request Body is Set to 20 or Less - mod_reqtimeout
Miscellaneous
  • Platform check updated.
Revision 1.4

Apr 25, 2022

Miscellaneous
  • Metadata updated.
Revision 1.3

Mar 29, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.2

Jun 17, 2021

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.1

May 6, 2021

Functional Update
  • 3.7 Ensure the Core Dump Directory Is Secured
  • 4.1 Ensure Access to OS Root Directory Is Denied By Default - allow
  • 4.1 Ensure Access to OS Root Directory Is Denied By Default - deny
  • 4.3 Ensure OverRide Is Disabled for the OS Root Directory - AllowOverride None
  • 4.3 Ensure OverRide Is Disabled for the OS Root Directory - exclude AllowOverrideList
  • 4.4 Ensure OverRide Is Disabled for All Directories - AllowOverride
  • 5.1 Ensure Options for the OS Root Directory Are Restricted
  • 5.10 Ensure Access to .ht* Files Is Restricted
  • 5.2 Ensure Options for the Web Root Directory Are Restricted
  • 5.3 Ensure Options for Other Directories Are Minimized
  • 5.7 Ensure HTTP Request Methods Are Restricted - allow
  • 5.7 Ensure HTTP Request Methods Are Restricted - deny
  • 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - VirtualHost RewriteEngine
  • 5.9 Ensure Old HTTP Protocol Versions Are Disallowed - VirtualHost RewriteOptions
  • 6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly - VirtualHost
  • 7.2 Ensure a Valid Trusted Certificate Is Installed
  • 7.3 Ensure the Server's Private Key Is Protected
  • 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'Global SSLCipherSuite'
  • 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'Global SSLHonorCipherOrder = On'
  • 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'VirtualHost SSLCipherSuite'
  • 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'VirtualHost SSLHonorCipherOrder = On'
  • 7.8 Ensure Medium Strength SSL/TLS Ciphers Are Disabled
  • 7.9 Ensure All Web Content is Accessed via HTTPS
Miscellaneous
  • References updated.