AS24-U1-000020 - The Apache web server must perform server-side session management - httpd
AS24-U1-000030 - The Apache web server must use cryptography to protect the integrity of remote sessions - ssl_module
AS24-U1-000070 - The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events - log_config_module
AS24-U1-000230 - Expansion modules must be fully reviewed, tested, and signed before they can exist on a production Apache web server.
AS24-U1-000260 - The Apache web server must not be a proxy server.
AS24-U1-000330 - The Apache web server must have Web Distributed Authoring (WebDAV) disabled.
AS24-U1-000470 - Cookies exchanged between the Apache web server and client, such as session cookies, must have security settings that disallow cookie access outside the originating Apache web server and hosted application - httpd
AS24-U1-000510 - The Apache web server must generate a session ID long enough that it cannot be guessed through brute force - session_crypto
AS24-U1-000520 - The Apache web server must generate a session ID using as much of the character set as possible to reduce the risk of brute force.
AS24-U1-000650 - The Apache web server must set an inactive timeout for sessions - reqtimeout_module
AS24-U1-000750 - The Apache web server must generate log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT) which are stamped at a minimum granularity of one second - log_config_module
AS24-U1-000930 - The Apache web server must install security-relevant software updates within the configured time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
AS24-U1-000960 - The Apache web server software must be a vendor-supported version.
Miscellaneous
Metadata updated.
Platform check updated.
Variables updated.
Added
DISA_STIG_Apache_Server-2.4_Unix_v2r5.audit from DISA STIG Apache Server 2.4 Unix Server v2r5
