Ensure Options for the Web Root Directory Are Restricted Details The Apache ‘Options’ directive allows for specific configuration of options, including execution of CGI, following symbolic links, server side...
Ensure Other Write Access on Apache Directories and Files Is Restricted Details The permission on the Apache directories should be ‘rwxr-xr-x’ (755) and the file permissions should be similar, except not...
Ensure OverRide Is Disabled for All Directories Details The Apache ‘AllowOverride’ directive allows for ‘.htaccess’ files to be used to override much of the configuration, including authentication,...
Ensure OverRide Is Disabled for the OS Root Directory Details The Apache ‘AllowOverride’ directive allows for ‘.htaccess’ files to be used to override much of the configuration, including authentication,...
Ensure the Apache User Account Has an Invalid Shell Details The ‘apache’ account must not be used as a regular login account, so it should be assigned an invalid...
Ensure the Apache User Account Is Locked Details The user account under which Apache runs should not have a valid password, but should be locked. Rationale: As...
Ensure the Apache Web Server Runs As a Non-Root User – ‘apache account is configured’ Details Although Apache is typically started with root privileges in order to listen on port ‘80’ and ‘443’, it can...
Ensure the Apache Web Server Runs As a Non-Root User – ‘httpd.conf Group = apache’ Details Although Apache is typically started with root privileges in order to listen on port ‘80’ and ‘443’, it can...
Ensure the Apache Web Server Runs As a Non-Root User – ‘httpd.conf User = apache’ Details Although Apache is typically started with root privileges in order to listen on port ‘80’ and ‘443’, it can...
Ensure the Apache Web Server Runs As a Non-Root User – ‘httpd services are running as apache user’ Details Although Apache is typically started with root privileges in order to listen on port ‘80’ and ‘443’, it can...