Check: WG250 A24
Apache Site 2.4 Unix:
WG250 A24
(in version v1 r1)
Title
Log file access must be restricted to System Administrators, Web Administrators or Auditors. (Cat II impact)
Discussion
A major tool in exploring the web site use, attempted use, unusual conditions, and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and the web manager with valuable information. To ensure the integrity of the log files and protect the SA and the web manager from a conflict of interest related to the maintenance of these files, only the members of the Auditors group will be granted permissions to move, copy, and delete these files in the course of their duties related to the archiving of these files.
Check Content
Enter the following commands to determine the directory the log files are located in: find / -name httpd.conf -print -exec grep "ErrorLog" {} \; find / -name httpd.conf -print -exec grep "CustomLog" {} \; Verify the permission of the ErrorLog & CustomLog files by entering the following command: ls -al <log directory> Unix file permissions should be 640 or less for all web log files if not, this is a finding.
Fix Text
Use the chmod command to set the appropriate file permissions on the log files.
Additional Identifiers
Rule ID:
Vulnerability ID: V-2252
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |