APACHE 2.2 Site for Windows STIG Version Comparison

There are 1 differences between versions v1 r11 (July 28, 2017) (the "left" version) and v1 r13 (Jan. 25, 2019) (the "right" version).

Check WA00615 W22 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

System logging must be enabled.

Check Content

Locate the Apache httpd.conf file. If unable to locate the file, perform a search of the system to find the location of the file. Open file. Open the httpd.conf file with an editor such as Notepad, and search for the following uncommented directives: LoadModule log_config_module modules/mod_log_config.so If the LoadModule log_config_module directives: directive CustomLog If any enabled CustomLog are is commented out or does not exist, set to logs/access_log combined, this is a finding. Search for both of the following uncommented directives: ErrorLog and CustomLog. If no uncommented directives for both ErrorLog and CustomLog are found, this is a finding. Note: finding. Note: This check is applicable to every host and virtual host the web server is supporting.

Discussion

The server error logs are invaluable because they can also be used to identify potential problems and enable proactive remediation. Log data can reveal anomalous behavior such as “not found” or “unauthorized” errors that may be an evidence of attack attempts. Failure to enable error logging can significantly reduce the ability of Web Administrators to detect or remediate problems. problems. The The CustomLog mod_log_config module provides for flexible logging of client requests. Logs are written in a customizable format, and may be written directly to a file, or to an external program. Conditional logging is provided so that individual requests may be included or excluded from the logs based on characteristics of the request. Three directive directives specifies the are provided by this module: TransferLog to create a log file, syslog facility, LogFormat to set a custom format, and CustomLog to define a log file and format in one step. The TransferLog and CustomLogdirectives can be used multiple times in each server to cause each request to be logged to multiple files. The server error log, whose name and location is set by the ErrorLog directive, is the most important log file. This is the place where Apache httpd will send diagnostic information and record any errors that it encounters in processing requests. It is the first place to look when a problem occurs with starting the server or piped logging utility. with the operation of the server, since it will often contain details of what went wrong and how to fix it.

Fix

Edit the httpd.conf file and enter configure to load the name, path log_config_module. Configure with ErrorLog and level for the CustomLog. CustomLog directives to ensure comprehensive system and access logging.