File name: CIS_Apache_HTTP_Server_2.4_Benchmark_v1.3.1.pdf
File size: 979KB
File format: PDF
Updated: 2022-10-01 03:34:11
Apache Benchmark Security Hardening
Apache 2.4 security hardening.

Table of Contents

Overview
    Intended Audience
    Consensus Guidance
    Typographical Conventions
    Scoring Information
    Profile Definitions
    Acknowledgements
Recommendations
    1 Planning and Installation
        1.1 Pre-Installation Planning Checklist (Not Scored)
        1.2 Do Not Install a Multi-use System (Not Scored)
        1.3 Installing Apache (Not Scored)
    2 Minimize Apache Modules
        2.1 Enable Only Necessary Authentication and Authorization Modules (Not Scored)
        2.2 Enable the Log Config Module (Scored)
        2.3 Disable WebDAV Modules (Scored)
        2.4 Disable Status Module (Scored)
        2.5 Disable Autoindex Module (Scored)
        2.6 Disable Proxy Modules (Scored)
        2.7 Disable User Directories Modules (Scored)
        2.8 Disable Info Module (Scored)
    3 Principles, Permissions, and Ownership
        3.1 Run the Apache Web Server as a non-root user (Scored)
        3.2 Give the Apache User Account an Invalid Shell (Scored)
        3.3 Lock the Apache User Account (Scored)
        3.4 Set Ownership on Apache Directories and Files (Scored)