CIS Apache HTTP Server 2.4 v2.3.0 L2

Audit Details

Name: CIS Apache HTTP Server 2.4 v2.3.0 L2

Updated: 2/11/2026

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 31

File Details

Filename: CIS_Apache_HTTP_Server_2.4_v2.3.0_L2.audit

Size: 184 kB

MD5: c628d7f7680551ac14c238ac3a23fd7f
SHA256: 6549af42cf5a877c6bda4927c2c79532b9256b4d66bff1572afc48131d7040ed

Audit Items

Description / Categories
5.2 Ensure Options for the Web Root Directory Are Restricted

ACCESS CONTROL

5.3 Ensure Options for Other Directories Are Minimized

ACCESS CONTROL

5.5 Ensure the Default CGI Content printenv Script Is Removed

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.6 Ensure the Default CGI Content test-cgi Script Is Removed

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.7 Ensure HTTP Request Methods Are Restricted

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

5.13 Ensure Access to Inappropriate File Extensions Is Restricted

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.14 Ensure IP Address Based Requests Are Disallowed

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.15 Ensure the IP Addresses for Listening for Requests Are Specified

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

5.16 Ensure Browser Framing Is Restricted

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.17 Ensure HTTP Header Referrer-Policy is set appropriately

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

5.18 Ensure HTTP Header Permissions-Policy is set appropriately

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

6.2 Ensure a Syslog Facility Is Configured for Error Logging

AUDIT AND ACCOUNTABILITY

6.6 Ensure ModSecurity Is Installed and Enabled

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled

SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.10 Ensure OCSP Stapling Is Enabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.11 Ensure HTTP Strict Transport Security Is Enabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.12 Ensure Only Cipher Suites That Provide Forward Secrecy Are Enabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.3 Ensure All Default Apache Content Is Removed

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

8.4 Ensure ETag Response Header Fields Do Not Include Inodes

SYSTEM AND INFORMATION INTEGRITY

10.1 Ensure the LimitRequestLine directive is Set to 8190 or less but not 0

ACCESS CONTROL, CONFIGURATION MANAGEMENT

10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less but not 0

ACCESS CONTROL, CONFIGURATION MANAGEMENT

10.3 Ensure the LimitRequestFieldsize Directive is Set to 8190 or Less

ACCESS CONTROL, CONFIGURATION MANAGEMENT

10.4 Ensure the LimitRequestBody Directive is Set to 102400 or Less but not 0

ACCESS CONTROL, CONFIGURATION MANAGEMENT

11.1 Ensure SELinux Is Enabled in Enforcing Mode

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION

11.2 Ensure Apache Processes Run in the httpd_t Confined Context

ACCESS CONTROL, MEDIA PROTECTION

11.3 Ensure the httpd_t Type is Not in Permissive Mode

ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION

11.4 Ensure Only the Necessary SELinux Booleans are Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

12.1 Ensure the AppArmor Framework Is Enabled

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

12.2 Ensure the Apache AppArmor Profile Is Configured Properly

CONFIGURATION MANAGEMENT

12.3 Ensure Apache AppArmor Profile is in Enforce Mode

CONFIGURATION MANAGEMENT

CIS_Apache_HTTP_Server_2.4_v2.3.0_L2.audit from CIS Apache HTTP Server 2.4 v2.3.0