Description:
HTTP or web servers provide the ability to host web site content.
Rationale:
Unless there is a need to run the system as a web server, it is recommended that the
package be deleted to reduce the potential attack surface.
Audit:
Run the following command to verify apache is not installed:
# dpkg-query -W -f='${binary:Package}\t${Status}\t${db:Status-Status}\n'
apache2
apache2 unknown ok not-installed not-installed
Additional Information:
Several httpd servers exist and can use other service names. apache2 and nginx are
example services that provide an HTTP server. These and other services should also
be audited
Profile Applicability: Level 1 - Server Level 1 - Workstation
Description: HTTP or web servers provide the ability to host web site content.
Rationale: Unless there is a need to run the system as a web server, it is recommended that the package be deleted to reduce the potential attack surface.
Audit: Run the following command to verify apache is not installed:
Additional Information: Several httpd servers exist and can use other service names. apache2 and nginx are example services that provide an HTTP server. These and other services should also be audited