AS24-U1-000240 – The Apache web server must not perform user management for hosted applications.
Details User management and authentication can be an essential part of any application hosted by the web server. Along with...
- Home
- Security Hardening
- DISA STIG Apache Server 2.4 Unix Server V2R5 Middleware
DISA STIG Apache Server 2.4 Unix Server V2R5 Middleware
AS24-U1-000250 – The Apache web server must only contain services and functions necessary for operation.
Details A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too...AS24-U1-000260 – The Apache web server must not be a proxy server.
Details A web server should be primarily a web server or a proxy server but not both, for the same...AS24-U1-000070 – The Apache web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events – LogFormat
Details Log records can be generated from various components within the Apache web server (e.g., httpd, plug-ins to external backends,...AS24-U1-000130 – An Apache web server, behind a load balancer or proxy server, must produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.
Details Apache web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay...AS24-U1-000160 – The Apache web server must use a logging mechanism that is configured to alert the Information System Security Officer (ISSO) and System Administrator (SA) in the event of a processing failure.
Details Reviewing log data allows an investigator to recreate the path of an attacker and to capture forensic data for...AS24-U1-000180 – The Apache web server log files must only be accessible by privileged users.
Details Log data is essential in the investigation of events. If log data were to become compromised, competent forensic analysis...AS24-U1-000190 – The log information from the Apache web server must be protected from unauthorized modification or deletion.
Details Log data is essential in the investigation of events. If log data were to become compromised, competent forensic analysis...AS24-U1-000210 – The log data and records from the Apache web server must be backed up onto a different system or media.
Details Protection of log data includes ensuring log data is not accidentally lost or deleted. Backing up log records to...AS24-U1-000270 – The Apache web server must provide install options to exclude the installation of documentation, sample code, example applications, and tutorials – Welcome page
Details Apache web server documentation, sample code, example applications, and tutorials may be an exploitable threat to an Apache web...