Table of Contents
Check_apache_security
Script: check_apache_security
Check if
- Http version is 2 or higher
- Security headers are set
Requirements
- Apache httpd
- sudo permissions on
apachectl - curl
Standalone installation
From this repository you need next to this script:
-
inc_pluginfunctionsshared function for all IML checks written in bash
Syntax
______________________________________________________________________
CHECK_APACHE_SECURITY
v0.1
(c) Institute for Medical Education - University of Bern
Licence: GNU GPL 3
https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_apache_security.html
______________________________________________________________________
The check tests
- http security headers
- http version 2 or above
It switches to critical if
- http version is too old or
- no security header was set
SYNTAX:
check_apache_security [OPTIONS]
OPTIONS:
-h, -help show this help.
-r hide response header
-s hide found security headers
PARAMETERS:
None.
EXAMPLES:
check_apache_security
Full expanded view with tested webs and found headers
check_apache_security -r -s
Minimal view
Examples
Minimal view:
check_apache_requests -r -s
Output example:
CRITICAL: Apache: Websites: 2 - Errors: 1
www.example.com - HTTP/2 200 -> version 2 (OK) ... security headers: 0 (CRITICAL) No security header was found
blog.example.com - HTTP/2 200 -> version 2 (OK) ... security headers: 5 (OK)