Apache Server 2.4 UNIX Server Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Apache web server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.
During the initial setup of a Transport Layer Security (TLS) connection to the Apache web server, the client sends a list of supported cipher suites in order of preference. The Apache web server wi...Rule Medium Severity -
The account used to run the Apache web server must not have a valid login shell and password defined.
During installation of the Apache web server software, accounts are created for the Apache web server to operate properly. The accounts installed can have either no password installed or a default ...Rule High Severity -
The Apache web server must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
Configuring the Apache web server to implement organization-wide security implementation guides and security checklists guarantees compliance with federal standards and establishes a common securit...Rule Low Severity -
The Apache web server htpasswd files (if present) must reflect proper ownership and permissions.
In addition to OS restrictions, access rights to files and directories can be set on a website using the web server software. That is, in addition to allowing or denying all access rights, a rule c...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.