CIS Level 1 & 2 Benchmark and
Scoring Tool for the Apache Web Server |
-
Click Here to Download Them
- FAQ - The Benchmarks |
January 2008:
The Apache
Benchmark (v2.1) and Scoring Tool (v2.0.8) are now available!
The benchmark is intended for all available versions of Apache through 2.2.6, and includes a number of new controls for mod_security.
|
| The Download Files Include: |
- CIS_Apache_Benchmark_v2.1.pdf - the Benchmark document
contains detailed instructions for implementing the steps necessary for
CIS Level 1 and Level 2 security.
- cis_score_tool_apache_v2.10.sh.gz - a Host-based Scoring Tool scores the
security of a system against the Benchmark and creates a variance
report.
The Benchmark and Scoring Tool software are non-invasive, "Read Only" files.
|
| What are the Benchmark and
the Scoring Tool? |
| The
Benchmark is a compilation of security configuration actions and settings
that "harden" Apache web servers.
It recommends Level 1 Benchmark
guidance, representing the prudent level of minimum due care for operating system security.
Level 1 Benchmark settings/actions:
- Can be understood and performed by system
administrators with any level of security knowledge and experience;
- Are unlikely to cause an interruption of service
to the operating system or the applications that run on it; and
- Can be automatically monitored either by CIS
Scoring Tools or by CIS Certified tools available from security software
vendors. CLICK HERE for a roster of
commercially available
CIS-certified software tools.
The Level 2 Benchmark settings/actions:
- Enhance security beyond the minimum due care level, based on
specific network architecture and server function.
- Contain some security configuration recommendations that affect functionality, and are therefore of greatest value to system administrators who have sufficient security knowledge to apply them with consideration to the functions and applications running in their particular environments.
The CIS Scoring Tool for Apache provides a quick and easy way to evaluate
systems and compare their level of security against the CIS minimum due care
security Benchmark. Tool reports guide system administrators to harden both
new installations and active production systems. The tool is also effective
for monitoring systems to assure that security settings continuously conform
with the Benchmark.
|
| Share Your Feedback |
We
value your feedback, which may be used both to update the Level 1 Apache
Benchmark and to further define the Level 2 security configuration
recommendations. Please direct your technical feedback to:
The CIS Feedback Email Address
Please direct other feedback to:
Dave
Shackleford, Vice President
For more information about the CIS consensus process and the benchmarks,
go to What are the Benchmarks? and
FAQ - The Benchmarks.
|
| Updates to the Benchmark |
| The CIS
Level 1 & 2 Benchmark for Apache is updated periodically. Continuous feedback from CIS Members and other users assures that the
consensus standard of minimum due care is always reflected in the Level 1 settings
and that the latest recommendations are always reflected in the Level 2
settings.
Revision
histories can be found in the benchmark documents.
One of the benefits of CIS Membership is electronic notification when
updates become available.
Click Here for more
information about membership.
If your organization is not a member of the Center, visit this website
periodically to assure that you are using the latest version of the Apache Benchmark.
Click Here to see what Members say about The Center for Internet
Security.
DOWNLOAD
the CIS Level 1 & 2 Benchmark and Scoring Tool for Apache |
