Guide to the Secure Configuration of Red Hat Enterprise Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Directory Restrictions
The Directory tags in the web server configuration file allow finer grained access control for a specified directory. All web directories should be...Group -
Web Content Directories Must Not Be Shared Anonymously
Web content directories should not be shared anonymously over remote filesystems such as <code>nfs</code> and <code>smb</code>. Remove the shares f...Rule Medium Severity -
Remove Write Permissions From Filesystem Paths And Server Scripts
Configure permissions for each instance of <code>Alias</code>, <code>ScriptAlias</code>, and <code>ScriptAliasMatch</code> that exist. <pre>$ sudo ...Rule High Severity -
Disable Anonymous FTP Access
If any directories that contain dynamic scripts can be accessed via FTP by any group or user that does not require access, remove permissions to su...Rule Medium Severity -
Disable CGI Support
The <code>cgi</code> module allows HTML to interact with the CGI web programming language. <br><br> If this functionality is unnecessary, comment o...Rule Unknown Severity -
Ignore HTTPD .htaccess Files
SetAllowOverridetononefor each instant of<Directory>.Rule Medium Severity -
Limit Available Methods
Web server methods are defined in section 9 of RFC 2616 ( <a href="http://www.ietf.org/rfc/rfc2616.txt">http://www.ietf.org/rfc/rfc2616.txt</a>...Rule Unknown Severity -
Restrict Other Critical Directories
All accessible web directories should be configured with similarly restrictive settings. The <code>Options</code> directive should be limited to ne...Rule Unknown Severity -
Restrict Root Directory
The <code>httpd</code> root directory should always have the most restrictive configuration enabled. <pre><Directory / > Options None A...Rule Unknown Severity -
Restrict Web Directory
The default configuration for the web (<code>/var/www/html</code>) Directory allows directory indexing (<code>Indexes</code>) and the following of ...Rule Unknown Severity -
Minimize Web Server Loadable Modules
A default installation of <code>httpd</code> includes a plethora of dynamically shared objects (DSO) that are loaded at run-time. Unlike the aforem...Group -
httpd Core Modules
These modules comprise a basic subset of modules that are likely needed for base <code>httpd</code> functionality; ensure they are not commented ou...Group -
Disable Cache Support
The <code>cache</code> module allows <code>httpd</code> to cache data, optimizing access to frequently accessed content. However, it introduces pot...Rule Unknown Severity -
The mailx Package Is Installed
A mail server is required for sending emails. The <code>mailx</code> package can be installed with the following command: <pre> $ sudo yum install ...Rule Medium Severity -
Enable log_config_module For HTTPD Logging
The <code>log_config_module</code> should exist and be configured in the <code>/etc/httpd/conf/httpd.conf</code> file by adding the following modul...Rule Medium Severity -
Disable LDAP Support
The <code>ldap</code> module provides HTTP authentication via an LDAP directory. If its functionality is unnecessary, comment out the related modul...Rule Unknown Severity -
Disable MIME Magic
The <code>mime_magic</code> module provides a second layer of MIME support that in most configurations is likely extraneous. If its functionality i...Rule Unknown Severity -
Disable HTTP mod_rewrite
The <code>mod_rewrite</code> module is very powerful and can protect against certain classes of web attacks. However, it is also very complex and h...Rule Unknown Severity -
Disable Proxy Support
The <code>proxy</code> module provides proxying support, allowing <code>httpd</code> to forward requests and serve as a gateway for other servers. ...Rule Unknown Severity -
Disable Server Activity Status
The <code>status</code> module provides real-time access to statistics on the internal operation of the web server. This may constitute an unnecess...Rule Unknown Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.