Check: AS24-U1-000720
Apache Server 2.4 UNIX Server STIG:
AS24-U1-000720
(in versions v2 r7 through v1 r1)
Title
The Apache web server must not impede the ability to write specified log record content to an audit log server. (Cat II impact)
Discussion
Writing events to a centralized management audit system offers many benefits to the enterprise over having dispersed logs. Centralized management of audit records and logs provides for efficiency in maintenance and management of records, enterprise analysis of events, and backup and archiving of event records enterprise-wide. The web server and related components are required to be capable of writing logs to centralized audit log servers.
Check Content
Work with SIEM administrator to determine audit configurations. If there is a setting within the SIEM that could impede the ability to write specific log record content, this is a finding.
Fix Text
Work with the SIEM administrator to allow the ability to write specified log record content to an audit log server.
Additional Identifiers
Rule ID: SV-214263r879731_rule
Vulnerability ID: V-214263
Group Title: SRG-APP-000358-WSR-000063
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001851 |
The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |
Controls
Number | Title |
---|---|
AU-4 (1) |
Transfer To Alternate Storage |