Detections
Analytics

CIS Apache HTTP Server 2.4 v2.2.0 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Apache HTTP Server 2.4 v2.2.0 L1

Updated: 2/11/2026

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 63

File Details

Filename: CIS_Apache_HTTP_Server_2.4_v2.2.0_L1.audit

Size: 213 kB

MD5: 691a357cf580c833ec32bd0aed699e89
SHA256: aeddb726f28b6cd76acd154e6688d4772fef1d5487158c5df806653bb90b443f

Audit Items

DescriptionCategories
1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented
1.2 Ensure the Server Is Not a Multi-Use System
1.3 Ensure Apache Is Installed From the Appropriate Binaries
2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled
2.2 Ensure the Log Config Module Is Enabled
2.3 Ensure the WebDAV Modules Are Disabled
2.4 Ensure the Status Module Is Disabled
2.5 Ensure the Autoindex Module Is Disabled
2.6 Ensure the Proxy Modules Are Disabled if not in use
2.7 Ensure the User Directories Module Is Disabled
2.8 Ensure the Info Module Is Disabled
2.9 Ensure the Basic and Digest Authentication Modules are Disabled
3.1 Ensure the Apache Web Server Runs As a Non-Root User
3.2 Ensure the Apache User Account Has an Invalid Shell
3.3 Ensure the Apache User Account Is Locked
3.4 Ensure Apache Directories and Files Are Owned By Root
3.5 Ensure the Group Is Set Correctly on Apache Directories and Files
3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted
3.7 Ensure the Core Dump Directory Is Secured
3.8 Ensure the Lock File Is Secured
3.9 Ensure the Pid File Is Secured
3.10 Ensure the ScoreBoard File Is Secured
3.11 Ensure Group Write Access for the Apache Directories and Files Is Properly Restricted
3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted
3.13 Ensure Access to Special Purpose Application Writable Directories is Properly Restricted
4.1 Ensure Access to OS Root Directory Is Denied By Default
4.2 Ensure Appropriate Access to Web Content Is Allowed
4.3 Ensure OverRide Is Disabled for the OS Root Directory
4.4 Ensure OverRide Is Disabled for All Directories
5.1 Ensure Options for the OS Root Directory Are Restricted
5.2 Ensure Options for the Web Root Directory Are Restricted
5.3 Ensure Options for Other Directories Are Minimized
5.4 Ensure Default HTML Content Is Removed
5.5 Ensure the Default CGI Content printenv Script Is Removed
5.6 Ensure the Default CGI Content test-cgi Script Is Removed
5.7 Ensure HTTP Request Methods Are Restricted
5.8 Ensure the HTTP TRACE Method Is Disabled
5.9 Ensure Old HTTP Protocol Versions Are Disallowed
5.10 Ensure Access to .ht* Files Is Restricted
5.11 Ensure Access to .git Files Is Restricted
5.12 Ensure Access to .svn Files Is Restricted
6.1 Ensure the Error Log Filename and Severity Level Are Configured Correctly
6.3 Ensure the Server Access Log Is Configured Correctly
6.4 Ensure Log Storage and Rotation Is Configured Correctly
6.5 Ensure Applicable Patches Are Applied
7.1 Ensure mod_ssl and/or mod_nss Is Installed
7.2 Ensure a Valid Trusted Certificate Is Installed
7.3 Ensure the Server's Private Key Is Protected
7.4 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled
7.5 Ensure Weak SSL/TLS Ciphers Are Disabled