Install and secure the host operating system
Create an unprivileged user account for the Web server/dæmon
Install approved server software
Set permissions for Web server directories and files
Delete all unapproved CGI scripts
Delete unneeded files from the HTML document tree
Make working copies of server configuration files
Set a server name
Disable automatic directory listings
Disable symbolic links
Configure server auditing
Configure access control and authentication
Disable the exec form of server side includes
Restrict remote operations (e.g., PUT and POST)
Provide a security banner for the home page
Starting and Stopping the Web server
Check Web server logs daily
Periodically archive and flush Web server logs
Do regular backups of system data and test your ability to restore from your backups