ࡱ> [Z g2\p Sain, Joe Ba= ThisWorkbook=hW]38X@"1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Calibri1 Calibri1Calibri14Calibri1 Calibri1Calibri1Calibri1,>Calibri1>Calibri1>Calibri1>Calibri14Calibri1<Calibri1?Calibri1h>Cambria1Calibri1 Calibri"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_)                                                                      ff + ) , *     P  P        `            a   H 8   h )8  )8   h     ( 8  (@ @  @ x  )x ||KcD}A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef ;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L ;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A}  00\);_(*23;_(@_) }A}! 00\);_(*23 ;_(@_) }A}" 00\);_(*;_(@_) }A}# 00\);_(*;_(@_) }A}$ 00\);_(*;_(@_) }A}% 00\);_(*;_(@_) }A}& 00\);_(*;_(@_) }A}' 00\);_(* ;_(@_) }A}( 00\);_(*;_(@_) }}) }00\);_(*;_(@_)    }}* 00\);_(*;_(@_) ??? ??? ??? ???}-}/ 00\);_(*}A}0 a00\);_(*;_(@_) }A}1 00\);_(*;_(@_) }A}2 00\);_(*?;_(@_) }A}3 00\);_(*23;_(@_) }-}4 00\);_(*}}5 ??v00\);_(*̙;_(@_)    }A}6 }00\);_(*;_(@_) }A}7 e00\);_(*;_(@_) }x}800\);_(*;_(  }}9 ???00\);_(*;_(??? ???  ??? ???}-}; 00\);_(*}U}< 00\);_(*;_( }-}= 00\);_(*}(}H00\);_(*}(}I00\);_(*}(}J00\);_(* 20% - Accent1M 20% - Accent1 ef % 20% - Accent2M" 20% - Accent2 ef % 20% - Accent3M& 20% - Accent3 ef % 20% - Accent4M* 20% - Accent4 ef % 20% - Accent5M. 20% - Accent5 ef % 20% - Accent6M2 20% - Accent6  ef % 40% - Accent1M 40% - Accent1 L % 40% - Accent2M# 40% - Accent2 L渷 % 40% - Accent3M' 40% - Accent3 L % 40% - Accent4M+ 40% - Accent4 L % 40% - Accent5M/ 40% - Accent5 L % 40% - Accent6M3 40% - Accent6  Lմ % 60% - Accent1M 60% - Accent1 23 % 60% - Accent2M$ 60% - Accent2 23ږ % 60% - Accent3M( 60% - Accent3 23כ % 60% - Accent4M, 60% - Accent4 23 % 60% - Accent5M0 60% - Accent5 23 %! 60% - Accent6M4 60% - Accent6  23 % "Accent1AAccent1 O % #Accent2A!Accent2 PM % $Accent3A%Accent3 Y % %Accent4A)Accent4 d % &Accent5A-Accent5 K % 'Accent6A1Accent6  F %(Bad9Bad  %) Calculation Calculation  }% * Check Cell Check Cell  %????????? ???+ Comma,( Comma [0]-&Currency.. Currency [0]/Explanatory TextG5Explanatory Text % 0Good;Good  a%1 Heading 1G Heading 1 I}%O2 Heading 2G Heading 2 I}%?3 Heading 3G Heading 3 I}%234 Heading 49 Heading 4 I}% 5InputuInput ̙ ??v% 6 Linked CellK Linked Cell }% 7NeutralANeutral  e%"Normal 8Noteb Note   9OutputwOutput  ???%????????? ???:$Percent ;Title1Title I}% <TotalMTotal %OO= Warning Text? Warning Text %XTableStyleMedium9PivotStyleMedium48dq:F3ffff̙̙3f3fff3f3f33333f33333\`ZmApacheHTTPD1.38 CCE IDCCE DescriptionCCE ParametersCCE Technical MechanismsJApache's configuration directory should be owned by the appropriate group. (1) group (1) via chownIApache's configuration directory should be owned by the appropriate user.(1) userKApache's demo CGI printenv.pl should be available or removed as appropriate(1) exist / not existI(1) (ServerRoot)\cgi-bin\printenv.pl (2) (ServerRoot)/cgi-bin/printenv.pl+testcgi should be installed as appropriate.(1) exist/not exist(1) cgi-script directory^The "FollowSymLinks" setting of the DocumentRoot should be enabled or disabled as appropriate.=(1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / NoneV(1) Apache configuration file: Options directive (in DocumentRoot Directory directive)^The "IncludesNOEXEC" setting of the DocumentRoot should be enabled or disabled as appropriate.=(1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / NoneWThe "Indexes" setting of the DocumentRoot should be enabled or disabled as appropriate.((1) Indexes / -Indexes / +Indexes / NoneFThe Allow Directive for the OS root should be configured appropriately2(1) all | hostname/IP address/environment variable(1) Allow directive]The Allow directive for the specified Directory directive should be configured appropriately.DThe Apache "KeepAlive" directive should be configured appropriately. (1) On / Off2(1) Apache configuration file: KeepAlive directiveKThe Apache "KeepAliveTimeout" directive should be configured appropriately.(1) Number value (in seconds)9(1) Apache configuration file: KeepAliveTimeout directiveKThe Apache "LimitRequestBody" directive should be configured appropriately.(1) Number value (in bytes) 9(1) Apache configuration file: LimitRequestBody directiveLThe Apache "LimitRequestFields" directive should be configured appropriately(1) Number value;(1) Apache configuration file: LimitRequestFields directiveTThe Apache "LimitRequestFieldSizeBody" directive should be configured appropriately.(1) Number value (in bytes)B(1) Apache configuration file: LimitRequestFieldSizeBody directiveKThe Apache "LimitRequestline" directive should be configured appropriatley.9(1) Apache configuration file: LimitRequestLine directiveCThe Apache "LogLevel" directive should be configured appropriately.?(1) debug / info / notice / warn / error / crit / alert / emerg1(1) Apache configuration file: LogLevel directiveEThe Apache "MaxClients" directive should be configured appropriately.3(1) Apache configuration file: MaxClients directiveGThe Apache "ServerTokens" directive should be configured appropriately.9(1) Prod[uctOnly] / Major / Minor / Min[imal] / OS / Full5(1) Apache configuration file: ServerTokens directiveBThe Apache "Timeout" directive should be configured appropriately.0(1) Apache configuration file: Timeout directive^The Apache access log file data should be configured to contain the appropriate data elements.(1) LogFormat Format String2(1) Apache configuration file: LogFormat directivelThe Apache AllowOverride Directive should be configured appropriately for operating system root directories.B(1) AuthConfig / FileInfo / Indexes / Limit / Options / All / None6(1) Apache configuration file: AllowOverride directivedThe Apache AllowOverride directive should be configured appropriately for web site root directories.OThe Apache ErrorDocument directive should be set correctly for HTTP 400 errors.(1) message/document<(1) Apache configuration file: 'ErrorDocument 400' directive3The Apache Group directive should be set correctly.(1) group name.(1) Apache configuration file: Group directiveQThe Apache runtime rewriting engine should be enabled or disabled as appropriate. (1) off/on6(1) Apache configuration file: RewriteEngine directiveAThe Apache ServerSignature directive should be set appropriately.(1) On/Off/EMail8(1) Apache configuration file: ServerSignature directive=The Apache system logging should be configured appropriately./(1) File path | pipe (2) LogFormat | nickname 2(1) Apache configuration file: CustomLog directiveIThe Apache user account should be allowed root privileges as appropriate.(1) allowed/not allowed(1) via /etc/passwd2The Apache User directive should be set correctly. (1) user name-(1) Apache configuration file: User directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 401 errors.<(1) Apache configuration file: 'ErrorDocument 401' directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 403 errors.<(1) Apache configuration file: 'ErrorDocument 403' directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 404 errors.<(1) Apache configuration file: 'ErrorDocument 404' directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 405 errors.<(1) Apache configuration file: 'ErrorDocument 405' directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 500 errors.<(1) Apache configuration file: 'ErrorDocument 500' directiveEThe Deny Directive for the OS root should be configured appropriately(1) Deny directive\The Deny directive for the specified Directory directive should be configured appropriately.TThe group membership of any Apache files in /var/log/httpd/ should be set correctly. (1) via chgrpRThe group membership of the Apache /etc/httpd/conf.d file should be set correctly.WThe group membership of the Apache /etc/httpd/conf/passwd file should be set correctly.TThe group membership of the Apache /usr/sbin/apachectl file should be set correctly.QThe group membership of the Apache /usr/sbin/httpd file should be set correctly. NThe group membership of the Apache /var/www/html file should be set correctly.HThe group membership of the Apache user account should be set correctly.(1) via /etc/groupMThe ownership of log files in Apache /var/log/httpd/ should be set correctly. (1) ownerKThe ownership of the Apache /etc/httpd/conf.d file should be set correctly.PThe ownership of the Apache /etc/httpd/conf/passwd file should be set correctly.MThe ownership of the Apache /usr/sbin/apachectl file should be set correctly.JThe ownership of the Apache /usr/sbin/httpd file should be set correctly. GThe ownership of the Apache /var/www/html file should be set correctly.MThe path for Apache sites error log files should be configured appropriately. (1) File path1(1) Apache configuration file: ErrorLog directiveNThe permissions for the Apache /etc/httpd/conf.d file should be set correctly.(1) permissionsSThe permissions for the Apache /etc/httpd/conf/passwd file should be set correctly.PThe permissions for the Apache /usr/sbin/apachectl file should be set correctly.MThe permissions for the Apache /usr/sbin/httpd file should be set correctly. IThe permissions for the Apache/var/www/html file should be set correctly.OThe permissions of any Apache files in /var/log/httpd/ should be set correctly.ZThe Unix permissions of Apache's configuration directory should be configred appropriately (1) via chmodXThe"Includes" setting of the DocumentRoot should be enabled or disabled as appropriate. +(1) Includes / -Includes / +Includes / NoneYThe"MultiViews" setting of the DocumentRoot should be enabled or disabled as appropriate.1(1) MultiViews / -MultiViews / +MultiViews / NoneGThe Order directive for the OS root should be configured appropriately.,(1) Allow,Deny / Deny,Allow / Mutual-failure (1) Order directiveBPermitted HTTP request methods should be configured appropriately.)(1) methods (2) access control directives4(1) Apache configuration file: LimitExecpt directiveFAccess to Apache's httpd.conf file should be configured appropriately.?(1) set of accounts (2) list of permissions (3) applicability4(1) defined by (ServerRoot)\conf\httpd.conf's DACL jThe Windows permissions for all files specified by CustomLog directives should be configured appropriately"(1) defined by the object's DACL iThe Windows permissions for all files specified by ErrorLog directives<& should be configured appropriatelyAThe location of the Apache htpasswd file should be set correctly.(1) directory path(1) Directory of htpasswd fileFThe Apache Server Administrator email address should be set correctly.(1) email address3(1) 'ServerAdmin' line in Apache configuration fileDThe Apache user account should be locked or unlocked as appropriate.(1) locked/unlocked8File permissions for httpd.conf should be set correctly.<The httpd.conf file should be owned by the appropriate user.=The httpd.conf file should be owned by the appropriate group.RThe Unix permissions of Apache's htpasswd file should be configured appropriately.5The htpasswd should be owned by the appropriate user.;The htpasswd file should be owned by the appropriate group.GThe Apache "StartServers" directive should be configured appropriately.5(1) Apache configuration file: StartServers directiveJThe Apache "MinSpareServers" directive should be configured appropriately.8(1) Apache configuration file: MinSpareServers directiveJThe Apache "MaxSpareServers" directive should be configured appropriately.8(1) Apache configuration file: MaxSpareServers directiveWThe "ExecCGI" setting of the DocumentRoot should be enabled or disabled as appropriate.'(1) ExecCGI / -ExecCGI/ +ExecCGI / NoneWThe Order directive for all DocumentRoot directives should be configured appropriately.T(1) Apache configuration file: Order directive (in DocumentRoot Directory directive)]The Order directive for the specified Directory directive should be configured appropriately.O (1) TARGET: Directory directive (2) Apache configuration file: Order directiveCL1 19. Updating Ownership and Permissions for Enhanced Security p27/L1 18. Remove Default/Unneeded Apache Files p276L1 15. Directory Functionality/Features Directives p236L1 15. Directory Functionality/Features Directives p24$L1 13. Access Control Directives p21BL1 10. Denial of Service (DoS) Protective General Directives pg 16%L2 7. Buffer Overflow Protections p42%L1 17. Logging General Directives p26=L1 11. Web Server Software Obfuscation General Directives p17*L1 8. User Oriented General Directives p144L1 21. Deny HTTP TRACE Requests with Mod_Rewrite p33,L1 4. Create the Apache Web User Account p11*L1 8. User Oriented General Directives p13L2 4. ErrorLog - Syslog p70-719L1 15. Directory Functionality/Features Directives p24-25(L1 16. Limiting HTTP Request Methods p25$L1 14. Authentication Mechanisms p22/L1 5. Lock Down the Apache Web User Account p11+1.19 Updating Ownership and Permissions p341.18 Remove Default Content p33B1.8 Directory Functionality Control with the Options Directive p161.7 Restricting Access p14-15,1.13 Denial of Service Prevention Tuning p21*1.14 Buffer Overflow Protection Tuning p23*1.14 Buffer Overflow Protection Tuning p241.17 Logging p31,1.13 Denial of Service Prevention Tuning p2201.16 Software Information Leakage Protection p291.17 Logging p30B1.8 Directory Functionality Control with the Options Directive p17:2.7 Additional Software Information Leakage Protection p5031.6 Creating the Apache User and Group Accounts p14'1.11 Restrict HTTP Protocol Version p192.5 Syslog Logging p44-451.7 Restricting Access p15MCIS Apache Benchmark for Unix For Apache Versions 1.3 and 2.0 Levels I and II\CIS Security Configuration Benchmark For Apache Web Server 2.2.0 Version 2.2.0 November 2008 CCE-27905-9 CCE-27713-7 CCE-27582-6 CCE-27923-2 CCE-27885-3 CCE-27991-9 CCE-27484-5 CCE-27784-8 CCE-27505-7 CCE-27969-5 CCE-27797-0 CCE-28018-0 CCE-27962-0 CCE-27025-6 CCE-28008-1 CCE-27805-1 CCE-27264-1 CCE-27863-0 CCE-27790-5 CCE-27855-6 CCE-27823-4 CCE-27701-2 CCE-27960-4 CCE-27939-8 CCE-27324-3 CCE-27896-0 CCE-27739-2 CCE-27983-6 CCE-27942-2 CCE-27029-8 CCE-27867-1 CCE-27951-3 CCE-27963-8 CCE-28026-3 CCE-27321-9 CCE-27592-5 CCE-27755-8 CCE-27958-8 CCE-27804-4 CCE-27988-5 CCE-27832-5 CCE-27770-7 CCE-27475-3 CCE-28028-9 CCE-27970-3 CCE-27036-3 CCE-27136-1 CCE-27932-3 CCE-27561-0 CCE-28004-0 CCE-27956-2 CCE-27929-9 CCE-27632-9 CCE-27902-6 CCE-27997-6 CCE-27537-0 CCE-28019-8 CCE-27874-7 CCE-27656-8 CCE-27071-0 CCE-27987-7 CCE-27489-4 CCE-28009-9 CCE-27977-8 CCE-27802-8 CCE-27803-6 CCE-27924-0 CCE-28027-1 CCE-27147-8 CCE-28109-7 CCE-27949-7 CCE-27502-4 CCE-28001-6 CCE-28139-4 CCE-27654-3 CCE-27916-6 CCE-27785-5 CCE-28125-3 CCE-28116-2Last modfied: 2013-02-11Version: 5.20130214", -/'1#3446 8 ;u<>? +B<FDWzFfHwJ8LINORTTAUXWE X Z [ ~[k[^\K\>]+]^ ^{^cc PK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭VMԯNDJ++2a,/$nECA6٥D-ʵ? dXiJF8,nx (MKoP(\HbWϿ})zg'8yV#x'˯?oOz3?^?O?~B,z_=yǿ~xPiL$M>7Ck9I#L nꎊ)f>\<|HL|3.ŅzI2O.&e>Ƈ8qBۙ5toG1sD1IB? }J^wi(#SKID ݠ1eBp{8yC]$f94^c>Y[XE>#{Sq c8 >;-&~ ..R(zy s^Fvԇ$*cߓqrB3' }'g7t4Kf"߇ފAV_] 2H7Hk;hIf;ZX_Fڲe}NM;SIvưõ[H5Dt(?]oQ|fNL{d׀O&kNa4%d8?L_H-Ak1h fx-jWBxlB -6j>},khxd׺rXg([x?eޓϲكkS1'|^=aѱnRvPK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!0ktheme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK]  g2 Rxn|8  dMbP?_*+%&?'?(?)?"d,,??&U} } $2} $)} 2} } %H} R``D@      G> G> ? F ? ? C I I A B B B@ J J E B B B@ J J E B B B @ J J E B B B@ J J E B B B@ J J E B B B@ J J E B B B @ J J E B B B @ J J E B B B @ J J E B B B @ J J E B B B  @ J J E B! B" B#@ J J E B$ B% B&@ J J E B' B( B)@ J J E B* B" B+@ J J E B, B- B.@ J J E B/ B% B0@ J J E B1 B2 B3@ J J E B4 B B5@ J J E B6 B7 B8@ J J E B9 B: B;@ J J E B< B: B;@ J J E B= B> B?@ J J E B@ BA BB@ J J E BC BD BE@ J J E BF BG BH@ J J E BI BJ BK@ J J E BL BM BN@ J J E BO BP BQ@ J JD lb^^^^^^^^^^^^^^^^^^^^^^^^^^^^ !"#$%&'()*+,-./0123456789:;<=>? E BR B> BS @ J J !E !BT !B> !BU!@ !J !J "E "BV "B> "BW"@ "J "J #E #BX #B> #BY#@ #J #J $E $BZ $B> $B[$@ $J $J %E %B\ %B %B]%@ %J %J &E &B^ &B &B]&@ &J &J 'E 'B_ 'B 'B`'@ 'J 'J (E (Ba (B (B`(@ (J (J )E )Bb )B )B`)@ )J )J *E *Bc *B *B`*@ *J *J +E +Bd +B +B`+@ +J +J ,E ,Be ,B ,B`,@ ,J ,J -E -Bf -B -Bg-@ -J -J .E .Bh .Bi .B.@ .J .J /E /Bj /Bi /B/@ /J /J 0E 0Bk 0Bi 0B0@ 0J 0J 1E 1Bl 1Bi 1B1@ 1J 1J 2E 2Bm 2Bi 2B2@ 2J 2J 3E 3Bn 3Bi 3B3@ 3J 3J 4E 4Bo 4Bp 4Bq4@ 4J 4J 5E 5Br 5Bs 5B5@ 5J 5J 6E 6Bt 6Bs 6B6@ 6J 6J 7E 7Bu 7Bs 7B7@ 7J 7J 8E 8Bv 8Bs 8B8@ 8J 8J 9E 9Bw 9Bs 9B9@ 9J 9J :E :Bx :Bs :B:@ :J :J ;E ;By ;Bs ;Bz;@ ;J ;J <E <B{ <B| <B<@ <J <J =E =B} =B~ =B=@ =J =J >E >B >B >B>@ >J>J ?E ?B ?B ?B?@ ?J?JD8l^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^Z@ABCDEFGHIJKLMNOPQ @E @B @B @B@@ @J@J AE AB AB ABA@ AJAJ BE  BB BB BBB@ BJBJ CE  CB CB CBC@ CJCJ DE  DB DB DBD@ DJDJ EE  EB EB EBNE@ EJEJ FE  FB FBs FBz F@J FJ GE GB GB GB G@J GJ HE HB HB HB H@J HJ IE IB IBs IBz I@J IJ JE JB JB JB J@J JJ KE KB KB KB K@J KJ LE LB LB% LB L@J LJ ME MB MB% MB M@J MJ NE NB NB% NB N@J NJ OE OB OB OB O@J OJ PE PB PB PB P@J PJ QE QB QB QB Q@J QJ(tTZZZZZZTTTTTTTTTTT>@A  Sheet1ggD@ Oh+'0@H`t Sain, Joseph A. Sain, JoeMicrosoft Macintosh Excel@`s,@ɝ՜.+,0HP X`hp x  ApacheHTTPD1.3  Worksheets  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIKLMNOPQSTUVWXYRoot Entry FIFWorkbookSummaryInformation(JDocumentSummaryInformation8R