| Checked | Name | Title |
|---|
| ☐ | SV-99869r1_rule | Lighttpd must limit the number of simultaneous requests. |
| ☐ | SV-99871r1_rule | Lighttpd must be configured with FIPS 140-2 compliant ciphers for https connections. |
| ☐ | SV-99873r1_rule | Lighttpd must be configured to use the SSL engine. |
| ☐ | SV-99875r1_rule | Lighttpd must be configured to use mod_accesslog. |
| ☐ | SV-99877r1_rule | Lighttpd must generate log records for system startup and shutdown. |
| ☐ | SV-99879r1_rule | Lighttpd must capture, record, and log the IP address associated with a user session. |
| ☐ | SV-99881r1_rule | Lighttpd must produce log records containing sufficient information to establish what type of events occurred. |
| ☐ | SV-99883r1_rule | Lighttpd must produce log records containing sufficient information to establish when (date and time) events occurred. |
| ☐ | SV-99885r1_rule | Lighttpd must produce log records containing sufficient information to establish where within the web server the events occurred. |
| ☐ | SV-99887r1_rule | Lighttpd must produce log records containing sufficient information to establish the source of events. |
| ☐ | SV-99889r1_rule | Lighttpd must produce log records containing sufficient information to establish the outcome (success or failure) of events. |
| ☐ | SV-99891r1_rule | Lighttpd must have the correct ownership on the log files to ensure they are only be accessible by privileged users. |
| ☐ | SV-99893r1_rule | Lighttpd must have the correct group-ownership on the log files to ensure they are only be accessible by privileged users. |
| ☐ | SV-99895r1_rule | Lighttpd must have the correct permissions on the log files to ensure they are only be accessible by privileged users. |
| ☐ | SV-99897r1_rule | Lighttpd must have the correct ownership on the log files to ensure they are protected from unauthorized modification. |
| ☐ | SV-99899r1_rule | Lighttpd must have the correct ownership on the log files to ensure they are protected from unauthorized deletion. |
| ☐ | SV-99901r1_rule | Lighttpd log data and records must be backed up onto a different system or media. |
| ☐ | SV-99903r1_rule | Lighttpd files must be verified for their integrity before being added to a production web server. |
| ☐ | SV-99905r1_rule | Lighttpd expansion modules must be verified for their integrity before being added to a production web server. |
| ☐ | SV-99907r1_rule | Lighttpd must prohibit unnecessary services, functions or processes. |
| ☐ | SV-99909r1_rule | Lighttpd must only contain components that are operationally necessary. |
| ☐ | SV-99911r1_rule | Lighttpd must have MIME types for csh or sh shell programs disabled. |
| ☐ | SV-99913r1_rule | Lighttpd must only enable mappings to necessary and approved scripts. |
| ☐ | SV-99915r1_rule | Lighttpd must have resource mappings set to disable the serving of certain file types. |
| ☐ | SV-99917r1_rule | Lighttpd must not have the Web Distributed Authoring (WebDAV) module installed. |
| ☐ | SV-99919r1_rule | Lighttpd must not have the webdav configuration file included. |
| ☐ | SV-99921r1_rule | Lighttpd must prevent hosted applications from exhausting system resources. |
| ☐ | SV-99923r1_rule | Lighttpd must not use symbolic links in the Lighttpd web content directory tree. |
| ☐ | SV-99925r1_rule | Lighttpd must be configured to use port 5480. |
| ☐ | SV-99927r1_rule | Lighttpd must use SSL/TLS protocols in order to secure passwords during transmission from the client. |
| ☐ | SV-99929r1_rule | Lighttpd must have private key access restricted. |
| ☐ | SV-99931r1_rule | Lighttpd must be configured to use only FIPS 140-2 approved ciphers. |
| ☐ | SV-99933r1_rule | Lighttpd must prohibit non-privileged accounts from accessing the directory tree, the shell, or other operating system functions and utilities. |
| ☐ | SV-99935r1_rule | Lighttpd must have the latest version installed. |
| ☐ | SV-99937r1_rule | The Lighttpd baseline must be maintained. |
| ☐ | SV-99939r1_rule | Lighttpd must protect against or limit the effects of HTTP types of Denial of Service (DoS) attacks. |
| ☐ | SV-99941r1_rule | Lighttpd must disable directory browsing. |
| ☐ | SV-99943r1_rule | Lighttpd must not be configured to use mod_status. |
| ☐ | SV-99945r1_rule | Lighttpd must have debug logging disabled. |
| ☐ | SV-99947r1_rule | Lighttpd must be configured to utilize the Common Information Model Object Manager. |
| ☐ | SV-99949r1_rule | The web server must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity. |
| ☐ | SV-99951r1_rule | Lighttpd audit records must be mapped to a time stamp. |
| ☐ | SV-99953r1_rule | Lighttpd must record time stamps for log records to a minimum granularity of time. |
| ☐ | SV-99955r1_rule | Lighttpd must prohibit non-privileged accounts from accessing the application, libraries, and configuration files. |
| ☐ | SV-99957r1_rule | Lighttpd must not be configured to listen to unnecessary ports. |
| ☐ | SV-99959r1_rule | Lighttpd must be configured with FIPS 140-2 compliant ciphers for https connections. |
| ☐ | SV-99961r1_rule | Lighttpd must be protected from being stopped by a non-privileged user. |
| ☐ | SV-99963r1_rule | Lighttpd must be configured to use the SSL engine. |
| ☐ | SV-99965r1_rule | Lighttpd must be configured to use the SSL engine. |
| ☐ | SV-99967r1_rule | Lighttpd must use an approved TLS version for encryption. |
| ☐ | SV-99969r1_rule | Lighttpd must remove all export ciphers to transmitted information. |
| ☐ | SV-99971r1_rule | Lighttpd must be configured to use SSL. |
| ☐ | SV-99973r1_rule | Lighttpd must have the latest approved security-relevant software updates installed. |
| ☐ | SV-99975r1_rule | Lighttpd must disable IP forwarding. |
| ☐ | SV-100975r1_rule | Lighttpd must have the correct group-ownership on the log files to ensure they are protected from unauthorized modification. |
| ☐ | SV-100977r1_rule | Lighttpd must have the correct permissions on the log files to ensure they are protected from unauthorized modification. |
| ☐ | SV-100979r1_rule | Lighttpd must have the correct group-ownership on the log files to ensure they are protected from unauthorized deletion. |
| ☐ | SV-100981r1_rule | Lighttpd must have the correct permissions on the log files to ensure they are protected from unauthorized deletion. |
| ☐ | SV-100983r1_rule | Lighttpd proxy settings must be configured. |
| ☐ | SV-100985r1_rule | Lighttpd must restrict inbound connections from nonsecure zones. |
| ☐ | SV-100987r1_rule | Lighttpd must be configured to use syslog. |
| ☐ | SV-100989r1_rule | Lighttpd must be configured to use syslog. |
STIGQter: STIG Summary: