Check: WG242 W22
APACHE SITE 2.0 for Windows:
WG242 W22
(in version v1 r5)
Title
Log file data must contain required data elements. (Cat II impact)
Discussion
The use of log files is a critical component of the operation of the Information Systems (IS) used within the DoD, and they can provide invaluable assistance with regard to damage assessment, causation, and the recovery of both affected components and data. They may be used to monitor accidental or intentional misuse of the (IS) and may be used by law enforcement for criminal prosecutions. The use of log files is a requirement within the DoD.
Check Content
To verify the log settings: Default Windows location: :\Program Files\Apache Group\Apache2\logs\access.log or :\Program Files\Apache Software Foundation\Apache2.2\logs\access.log. If these directories do not exist, you can search the web server for the httpd.conf config file to determine the location of the logs. Items to be logged are as shown in this sample line in the httpd.conf file: LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " combined If the web server is not configured to capture the required audit events for all sites and virtual directories, this is a finding.
Fix Text
Configure the web server to ensure the log file data includes the required data elements.
Additional Identifiers
Rule ID: SV-28654r1_rule
Vulnerability ID: V-13688
Group Title: WG242
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |