New Apache Compliance Audit Policy

Tenable´s research team has released a Nessus 3 audit policy file which can be used to audit the configuration of Apache web servers running on various UNIX platforms. The policy can be customized to your specific Apache distribution. It can audit many aspects of the httpd.conf file.

For example, it has the ability to easily automate testing for which user the httpd process is running under, which ports it is bound to and what log format should be enabled. Since the actual configuration file is used, Nessus can perform this analysis even when the Apache server isn´t running.

For completeness of report, Nessus´s file content features are designed to ensure that if a certain setting is supposed to be set, it will pass if it is set, fail if it is not set and also provide a warning if the setting doesn´t exist.Read Full Story

Leave a Reply