1.2 Ensure the Server Is Not a Multi-Use System

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Default server configurations often expose a wide variety of services unnecessarily increasing the risk to the system. Just because a server can perform many services doesn't mean it is wise to do so. The number of services and daemons executing on the Apache Web server should be limited to those necessary, with the Web server being the only primary function of the server.


Maintaining a server for a single purpose increases the security of your application and system. The more services which are exposed to an attacker, the more potential vectors an attacker has to exploit the system and therefore the higher the risk for the server. A Web server should function as only a web server and if possible, should not be mixed with other primary functions such as mail, DNS, database or middleware.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Leverage the package or services manager for your OS to uninstall or disable unneeded services. On Red Hat systems, the following will disable a given service:

chkconfig <servicename> off

Default Value:

Depends on OS Platform

See Also