Check: CF11-02-000057
Adobe ColdFusion 11 STIG: CF11-02-000057 (in versions v2 r1 through v1 r2)
Title
ColdFusion must send log records to the operating system logging facility. (Cat II impact)
Discussion
Protection of log data includes assuring log data is not accidentally lost or deleted. By sending some of the log messages to the operating system logging facilities, these log messages become part of the OS log history, become part of the log review performed by the OS administrator, and become part of the backup of OS log data. Note: This feature is only available for Linux installations.
Check Content
This feature is not present when ColdFusion is installed on Windows; therefore, on Windows installations this finding is not applicable. On Linux installations, within the Administrator Console, navigate to the "Logging Settings" page under the "Debugging & Logging" menu. If "Use operating system logging facilities" is not checked, this is a finding.
Fix Text
Navigate to the "Logging Settings" page under the "Debugging & Logging" menu. Check "Use operating system logging facilities" and select the "Submit Changes" button.
Additional Identifiers
Rule ID: SV-237156r641563_rule
Vulnerability ID: V-237156
Group Title: SRG-APP-000125-AS-000084
CCIs
Number | Definition |
---|---|
CCI-001348 | Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component than the system or component being audited. |
Controls
Number | Title |
---|---|
AU-9(2) | Audit Backup On Separate Physical Systems / Components |