Detections
Analytics

Item Search

NameAudit NamePluginCategory
4.5 Restrict access to Tomcat temp directoryCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.7 Restrict access to Tomcat web application directoryCIS Apache Tomcat 10 L1 v1.1.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.7 Restrict access to Tomcat web application directoryCIS Apache Tomcat 7 L1 v1.1.0 MiddlewareUnix

ACCESS CONTROL

4.7 Restrict access to Tomcat web application directoryCIS Apache Tomcat 7 L1 v1.1.0Unix

ACCESS CONTROL

4.7 Restrict access to Tomcat web application directoryCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.7 Restrict access to Tomcat web application directoryCIS Apache Tomcat 11 v1.0.0 L1Unix

ACCESS CONTROL, MEDIA PROTECTION

4.10 Restrict access to Tomcat context.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

4.14 Restrict access to Tomcat web.xmlCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, MEDIA PROTECTION

6.5 Ensure 'sslProtocol' is Configured Correctly for Secure ConnectorsCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Application specific loggingCIS Apache Tomcat 7 L2 v1.1.0Unix
7.1 Application specific loggingCIS Apache Tomcat 7 L2 v1.1.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in defaultCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web applicationCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

7.5 Ensure pattern in context.xml is correctCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

AUDIT AND ACCOUNTABILITY

10.4 Force SSL when accessing the manager application via HTTPCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

10.13 Do not run applications as privilegedCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

10.17 Setting Security Lifecycle Listener - check for umask uncommented in startupCIS Apache Tomcat 9 L1 v1.2.0 MiddlewareUnix

ACCESS CONTROL

11.2 Ensure Apache Processes Run in the httpd_t Confined ContextCIS Apache HTTP Server 2.4 v2.2.0 L2Unix

ACCESS CONTROL, MEDIA PROTECTION

AS24-U1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials - Welcome pageDISA STIG Apache Server 2.4 Unix Server v3r1 MiddlewareUnix

CONFIGURATION MANAGEMENT

AS24-U1-000270 - The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials.DISA STIG Apache Server 2.4 Unix Server v3r1Unix

CONFIGURATION MANAGEMENT

AS24-U1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.DISA STIG Apache Server 2.4 Unix Server v3r1Unix

ACCESS CONTROL

AS24-U1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.DISA STIG Apache Server 2.4 Unix Server v3r1 MiddlewareUnix

ACCESS CONTROL

AS24-U2-000700 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.DISA STIG Apache Server 2.4 Unix Site v2r4Unix

ACCESS CONTROL

AS24-U2-000700 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.DISA STIG Apache Server 2.4 Unix Site v2r4 MiddlewareUnix

ACCESS CONTROL

AS24-W1-000500 - The Apache web server must generate unique session identifiers that cannot be reliably reproduced.DISA STIG Apache Server 2.4 Windows Server v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION

AS24-W1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.DISA STIG Apache Server 2.4 Windows Server v2r3Windows

ACCESS CONTROL

AS24-W1-000690 - Non-privileged accounts on the hosting system must only access Apache web server security-relevant information and functions through a distinct administrative account.DISA STIG Apache Server 2.4 Windows Server v3r1Windows

ACCESS CONTROL

CIS_Apache_Tomcat_10.1_v1.1.0_L1.audit from CIS Apache Tomcat 10.1 Benchmark v1.1.0CIS Apache Tomcat 10.1 v1.1.0 L1Unix
CIS_Apache_Tomcat_10.1_v1.1.0_L2.audit from CIS Apache Tomcat 10.1 Benchmark v1.1.0CIS Apache Tomcat 10.1 v1.1.0 L2Unix
CIS_Apache_Tomcat_11_v1.0.0_L2.audit from CIS Apache Tomcat 11 Benchmark v1.0.0CIS Apache Tomcat 11 v1.0.0 L2Unix
DISA_STIG_Crunchy_Data_PostgreSQL_v3r1_OS_Linux.audit from DISA Crunchy Data PostgreSQL v3r1 STIGDISA STIG Crunchy Data PostgreSQL OS v3r1Unix
DISA_STIG_Microsoft_Edge_v2r2.audit from DISA Microsoft Edge v2r2 STIGDISA STIG Edge v2r2Windows
DISA_STIG_Microsoft_OneDrive_v2r3.audit from DISA Microsoft OneDrive v2r3 STIGDISA STIG Microsoft OneDrive v2r3Windows
DISA_STIG_Oracle_Database_11.2g_v2r5_Database.audit from DISA Oracle Database 11.2g v2r5 STIGDISA STIG Oracle 11.2g v2r5 DatabaseOracleDB
DISA_STIG_Oracle_Database_11.2g_v2r5_OS_Linux.audit from DISA Oracle Database 11.2g v2r5 STIGDISA STIG Oracle 11.2g v2r5 LinuxUnix
DISA_STIG_Oracle_Database_11.2g_v2r5_OS_Windows.audit from DISA Oracle Database 11.2g v2r5 STIGDISA STIG Oracle 11.2g v2r5 WindowsWindows
DISA_STIG_Oracle_Database_12c_v3r2_Database.audit from DISA Oracle Database 12c v3r2 STIGDISA STIG Oracle 12c v3r2 DatabaseOracleDB
DISA_STIG_Oracle_Database_12c_v3r2_OS_Linux.audit from DISA Oracle Database 12c v3r2 STIGDISA STIG Oracle 12c v3r2 LinuxUnix
DISA_STIG_Oracle_Database_12c_v3r2_OS_Windows.audit from DISA Oracle Database 12c v3r2 STIGDISA STIG Oracle 12c v3r2 WindowsWindows
DISA_STIG_Oracle_MySQL_8.0_v2r2_Database.audit from DISA Oracle MySQL 8.0 v2r2 STIGDISA Oracle MySQL 8.0 v2r2 DBMySQLDB
DISA_STIG_Oracle_MySQL_8.0_v2r2_OS_Linux.audit from DISA Oracle MySQL 8.0 v2r2 STIGDISA Oracle MySQL 8.0 v2r2 OS LinuxUnix
DISA_STIG_Server_2012_and_2012_R2_DC_v3r7.audit from DISA Microsoft Windows Server 2012/2012 R2 Domain Controller v3r7 STIGDISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows
DISA_STIG_SLES_12_v3r2.audit from DISA SLES 12 v3r2 STIGDISA SLES 12 STIG v3r2Unix
User IDs which disclose the privileges associated with it, should not be created.TNS IBM HTTP Server Best PracticeWindows

ACCESS CONTROL

User IDs which disclose the privileges associated with it, should not be created. 'lock'TNS IBM HTTP Server Best Practice MiddlewareUnix

ACCESS CONTROL

User IDs which disclose the privileges associated with it, should not be created. 'lock'TNS IBM HTTP Server Best PracticeUnix

ACCESS CONTROL

User IDs which disclose the privileges associated with it, should not be created. 'nologin'TNS IBM HTTP Server Best Practice MiddlewareUnix

ACCESS CONTROL

User IDs which disclose the privileges associated with it, should not be created. 'nologin'TNS IBM HTTP Server Best PracticeUnix

ACCESS CONTROL