Check: WG250 W22
APACHE SITE 2.0 for Windows:
WG250 W22
(in version v1 r5)
Title
Log file access must be restricted to System Administrators, Web Administrators or Auditors. (Cat II impact)
Discussion
A major tool in exploring the web site use, attempted use, unusual conditions and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and Web Manager with valuable information. To ensure the integrity of the log files and protect the SA and Web Manager from a conflict of interest related to the maintenance of these files, only the members of the Auditors group will be granted permissions to move, copy and delete these files in the course of their duties related to the archiving of these files.
Check Content
Locate the Apache httpd.conf file. If unable to locate the file, perform a search of the system to find the location of the file. Open the httpd.conf file with an editor such as Notepad, and search for the following uncommented directives: ErrorLog & CustomLog Navigate to the location of the file specified after each enabled ErrorLog & CustomLog directive and verify the permissions assigned to these files. Right click on the file to be examined. Select Properties > Select the “Security” tab. Permissions greater than Read & Execute should be allowed for only the account assigned to the Apache server service, and the Auditors Group. If the SA, Web Manager or users other than the Auditors group have greater than read access to the log files, this is a finding. If anyone other than the Auditors, Administrators, Web Managers, or the account assigned to the Apache server service has access to the log files, this is a finding.
Fix Text
Remove the unauthorized permissions from the applicable accounts.
Additional Identifiers
Rule ID: SV-33135r1_rule
Vulnerability ID: V-2252
Group Title: WG250
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |