Download Scored - Information Security

Transcript
Table of Contents

Overview
Intended Audience
Consensus Guidance
Typographical Conventions
Scoring Information
Profile Definitions
Acknowledgements
Recommendations
1 Recommendations
1.1 Planning and Installation
1.1.1 Pre-Installation Planning Checklist (Not Scored)
1.1.2 Do Not Install a Multi-use System (Not Scored)
1.1.3 Installing Apache (Not Scored)
1.2 Minimize Apache Modules
1.2.1 Enable only necessary Authentication and Authorization Modules (Not Scored)
1.2.2 Enable the Log Config Module (Scored)
1.2.3 Disable WebDAV Modules (Scored)
1.2.4 Disable Status Module (Scored)
1.2.5 Disable Autoindex Module (Scored)
1.2.6 Disable Proxy Modules (Scored)
1.2.7 Disable User Directories Modules (Scored)
1.2.8 Disable Info Module (Scored)
1.3 Principles, Permissions, and Ownership