Check: WG255 A24
Apache Site 2.4 Unix:
WG255 A24
(in version v1 r1)
Title
Access to the web server log files must be restricted to Administrators, Web Administrator or Auditors. (Cat II impact)
Discussion
A major tool in exploring the web site use, attempted use, unusual conditions, and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and the web administrator with valuable information. Because of the information that is captured in the logs, it is critical that only authorized individuals have access to the logs.
Check Content
Enter the following commands to determine the directory the log files are located in: find / -name httpd.conf -print -exec grep "ErrorLog" {} \; find / -name httpd.conf -print -exec grep "CustomLog" {} \; Verify the user and group ownership of the ErrorLog & CustomLog files by entering the following command: ls -al <log directory> Only the Auditors, Web Managers, Administrators, and the account that runs the web server should have permissions to the files. If any users other than those authorized have read access to the log files, this is a finding.
Fix Text
To ensure the integrity of the data that is being captured in the log files, ensure that only the members of the Auditors group, Administrators, and the user assigned to run the web server software are granted permissions to read the log files.
Additional Identifiers
Rule ID:
Vulnerability ID: V-13689
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |