Guide to the Secure Configuration of Oracle Linux 9
Rules, Groups, and Values defined within the XCCDF Benchmark
-
HTTPD Log Level
The setting for LogLevel in /etc/httpd/conf/httpd.confValue -
Maximum KeepAlive Requests for HTTPD
The setting for MaxKeepAliveRequests in httpd.confValue -
Configure Operating System to Protect Web Server
The following configuration steps should be taken on the system which hosts the web server, in order to provide as safe an environment as possible ...Group -
Run httpd in a chroot Jail if Practical
Running <code>httpd</code> inside a <code>chroot</code> jail is designed to isolate the web server process to a small section of the filesystem, li...Group -
Restrict File and Directory Access
Minimize access to criticalhttpd
files and directories.Group -
Configure PERL Securely
PERL (Practical Extraction and Report Language) is an interpreted language optimized for scanning arbitrary text files, extracting information from...Group -
Configure PHP Securely
PHP is a widely-used and often misconfigured server-side scripting language. It should be used with caution, but configured appropriately when need...Group -
Directory Restrictions
The Directory tags in the web server configuration file allow finer grained access control for a specified directory. All web directories should be...Group -
Deploy mod_ssl
Because HTTP is a plain text protocol, all traffic is susceptible to passive monitoring. If there is a need for confidentiality, SSL should be conf...Group -
Network Time Protocol
The Network Time Protocol is used to manage the system clock over a network. Computer clocks are not very accurate, so time will drift unpredictabl...Group -
Minimize Web Server Loadable Modules
A default installation of <code>httpd</code> includes a plethora of dynamically shared objects (DSO) that are loaded at run-time. Unlike the aforem...Group -
httpd Core Modules
These modules comprise a basic subset of modules that are likely needed for base <code>httpd</code> functionality; ensure they are not commented ou...Group -
Minimize Modules for HTTP Basic Authentication
The following modules are necessary if this web server will provide content that will be restricted by a password. <br><br> Authentication can be p...Group -
Minimize Configuration Files Included
The <code>Include</code> directive directs <code>httpd</code> to load supplementary configuration files from a provided path. The default configura...Group -
Minimize Various Optional Components
The following modules perform very specific tasks, sometimes providing access to just a few additional directives. If such functionality is not req...Group -
Use Appropriate Modules to Improve httpd's Security
Among the modules available for <code>httpd</code> are several whose use may improve the security of the web server installation. This section reco...Group -
Deploy mod_security
The <code>security</code> module provides an application level firewall for <code>httpd</code>. Following its installation with the base ruleset, s...Group -
Restrict Web Server Information Leakage
The <code>ServerTokens</code> and <code>ServerSignature</code> directives determine how much information the web server discloses about the configu...Group -
Configure HTTPD-Served Web Content Securely
Running <code>httpd</code> inside a <code>chroot</code> jail is designed to isolate the web server process to a small section of the filesystem, li...Group -
Web Login Banner Verbiage
Enter an appropriate login banner for your organization. Please note that new lines must be expressed by the '\n' character and special characters ...Value
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.