TNS IBM HTTP Server Best Practice Middleware

Audit Details

Name: TNS IBM HTTP Server Best Practice Middleware

Updated: 12/22/2023

Authority: IBM

Plugin: Unix

Revision: 1.8

Estimated Item Count: 46

File Details

Filename: TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit

Size: 61.2 kB

MD5: ae63193c8d4df215b118de2a130fbbd3
SHA256: 36871bade5f01d518b7274494ce070173975c6a4516b0eee74fa491e8b528068

Audit Items

DescriptionCategories
Buffer overflow protection should be configured 'LimitRequestBody'

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestFields'

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestFieldsize'

SYSTEM AND INFORMATION INTEGRITY

Buffer overflow protection should be configured 'LimitRequestline'

SYSTEM AND INFORMATION INTEGRITY

CGI-BIN directory should be disabled. 'Addmodule mod_cgi.c'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'AddModule mod_env.c'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'Directory'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'LoadModule cgi_module'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'LoadModule env_module'

CONFIGURATION MANAGEMENT

CGI-BIN directory should be disabled. 'ScriptAlias'

CONFIGURATION MANAGEMENT

Configuration files should be secured against unauthorized access.
Directory access permissions should be restricted.

CONFIGURATION MANAGEMENT

Encryption protocols such as https should be used

SYSTEM AND COMMUNICATIONS PROTECTION

File permissions in the root document should only be accessible by administrator
HTTP TRACE method should be disabled. 'RewriteCond'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'RewriteEngine'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'RewriteLog'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'RewriteLogLevel'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'RewriteRule'

CONFIGURATION MANAGEMENT

HTTP TRACE method should be disabled. 'TraceEnable'

CONFIGURATION MANAGEMENT

Keep Alive setting parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

Keep Alive Timeout setting value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

Latest Patches/Fixes should be installed

SYSTEM AND INFORMATION INTEGRITY

Limit HTTP methods allowed by the Web Server.

CONFIGURATION MANAGEMENT

Logging Directives should be restricted to authorized users. - 'CustomLog logs/access_log combined'

AUDIT AND ACCOUNTABILITY

Logging Directives should be restricted to authorized users. - 'ErrorLog logs/error_log'

AUDIT AND ACCOUNTABILITY

Logging Directives should be restricted to authorized users. - 'LogFormat'

AUDIT AND ACCOUNTABILITY

Logging Directives should be restricted to authorized users. - 'LogLevel notice'

AUDIT AND ACCOUNTABILITY

Logs containing auditing information should be secured at the directory level.

AUDIT AND ACCOUNTABILITY

MaxClients parameter value should be configured to appropriate value.

SYSTEM AND COMMUNICATIONS PROTECTION

MaxKeepAliveRequests parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

MaxSpareServers parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

MinSpareServers parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

Non-Essential modules should be disabled. 'mod_autoindex'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_dav'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_include'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_info'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_status'

CONFIGURATION MANAGEMENT

Non-Essential modules should be disabled. 'mod_userdir'

CONFIGURATION MANAGEMENT

Server version information parameters should be turned off - 'ServerSignature Off'

SYSTEM AND COMMUNICATIONS PROTECTION

Server version information parameters should be turned off - 'ServerTokens Prod'

SYSTEM AND COMMUNICATIONS PROTECTION

StartServers parameter value should be appropriately configured.

SYSTEM AND COMMUNICATIONS PROTECTION

Timeout value parameter value should be appropriately configured

ACCESS CONTROL

TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit
User IDs which disclose the privileges associated with it, should not be created. 'lock'

ACCESS CONTROL

User IDs which disclose the privileges associated with it, should not be created. 'nologin'

ACCESS CONTROL