Extend the potential of lunar with Web server

[Barnoux]

I really like the work you do with Lunar about hardenning UNIX systems.
I saw that you did something with docker and it’s very cool.
Do you think you can do something with web server like Apache ?

[richardatlateralblast]

Not sure what you're after. If you mean support for auditing apache. There is some support.

./lunar.sh -S |grep apache
audit_apache

I did look at the CIS benchmarks, but they were quite out of date.

There's no doubt more that can be done, but I'd need a good benchmark/standard as a basis.

[Barnoux]

Alright thank for your answer didn't see that there is some support for apache. For the record, i just want to follow some best security pratice. Because i want to work with apache (as a web server) in the future. And i saw that CIS published a benchmark for apache.

But i don't understand your sentence :

I'd need a good benchmark/standard as a basis.

IMO the CIS Benchmark is a good technical standard to hardening a technology (when you are a beginner and you don't know where to start).
What make you think that the CIS benchmark for apache could be better ?
CIS Apache HTTP Server 2.4 Benchmark v1.5.0 - 06-12-2019 => execpt that the cis benchamark was out of date.

As you said no doubt that more can be done but i wanted to ask.

[richardatlateralblast]

I hadn't noticed the CIS Apache benchmarks had been updated in December 2019, I'll take a look. The previous ones I had were from 2014/2015.

[richardatlateralblast]

I've added a bit more Apache support. There was some stuff that I could add quickly. More support will have to wait until I've got some more spare time.