As part of 10.1 release, the following Apache STIG hardening issues have been addressed in NCM.

V-13736: The LimitRequestBody directive is set to a value of "1610612736" in the httpd.conf file.

V-13737: The LimitRequestFields directive is set to a value of 100.

V-13738: The LimitRequestFieldSize directive is set to a value of 8190.

V-13739: The LimitRequestLine directive is set to a value of 8190.

V-26294: The following modules are not loaded in the Apache httpd server:
  • info_module
  • status_module

V-26368: The LoadModule autoindex_module directive must be commented, if present in the Apache httpd.conf file.

V-26326: The listen directive in <VOYENCE_HOME>/conf/httpd.conf is set to the <IPAddress>:<Port> on which the Apache server is listening.

V-26287: The following modules are not loaded in the Apache httpd server:
  • dav_module
  • dav_fs_module
  • dav_lock_module

V-2259: The permission of <VOYENCE_HOME>/conf/httpd.conf is set to 640.

V-13735: The options directive in the Apache httpd.conf file is set to None.

V-26324: The options directive in the root directory of the Apache httpd.conf file is set to None.

V-26396: For all the non-root directory in the Apache httpd.conf file, the following two entries are added:
  • Order allow, deny
  • Deny from all
V-26323: For the root directory in the Apache httpd.conf file, the following entry is added:
  • Order denies, allow
    Note: Adding Deny from all in the root directory is impacting the NCM functionality and hence its not added in the root directory of Apache httpd.conf file.

V-13733: The options directive in the root directory of the Apache httpd.conf file is set to None.

V-13734: The options directive in the root directory of the Apache httpd.conf file is set to None.