An XCCDF Group - A logical subset of the XCCDF Benchmark
firewalld
http
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
https
firewall-cmd --permanent --add-service=https
sshd
$ sudo systemctl enable sshd.service
httpd
chroot
ChrootDir
/chroot/apache
/etc/httpd/conf/httpd.conf
ChrootDir /chroot/apache
/etc/http/conf
$ sudo chmod 0750 /etc/http/conf
$ sudo chmod 700 /var/log/httpd/
/etc/http/conf.d/*
$ sudo chmod 0640 /etc/http/conf.d/*
/etc/http/conf/*
$ sudo chmod 0640 /etc/http/conf/*
/etc/http/conf.modules.d/*
$ sudo chmod 0640 /etc/http/conf.modules.d/*
/var/log/httpd/
/var/log/httpd
$ sudo chown root /var/log/httpd
/var/log/httpd/*
$ sudo chown root /var/log/httpd/*