Apache Server 2.4 Windows Server STIG Version Comparison

There are 2 differences between versions v2 r1 (Oct. 23, 2020) (the "left" version) and v2 r3 (Jan. 26, 2023) (the "right" version).

Check AS24-W1-000065 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

System logging must be enabled.

Check Content

In a command line, navigate to "<'INSTALLED PATH'>\bin". Edit PATH'>\bin\conf". Edit the "httpd.conf" file and Search search for the directive "CustomLog". If the "CustomLog" directive is missing or does not look like the following, this is a finding: CustomLog "Logs/access_log" common

Discussion

The server error logs are invaluable because they can also be used to identify potential problems and enable proactive remediation. Log data can reveal anomalous behavior such as “not "not found” found" or “unauthorized” "unauthorized" errors that may be an evidence of attack attempts. Failure to enable error logging can significantly reduce the ability of Web Administrators to detect or remediate problems. The CustomLog directive specifies the log file, syslog facility, or piped logging utility.

Fix

Edit the httpd.conf file and enter the name, path path, and level for the CustomLog.