Check: WG255 IIS6
IIS6 Site:
WG255 IIS6
(in version v6 r16)
Title
Access to the web site log files must be restricted. (Cat II impact)
Discussion
A major tool in exploring the web site use, attempted use, unusual conditions, and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and the web manager with valuable information. Failure to protect log files could enable an attacker to modify the log file data or falsify events to mask an attacker's activity.
Check Content
1. Open the IIS Manager > Right click the website being reviewed > Select Properties > Select the Web Site tab > in the Enable logging box select Properties. 2. Note the path listed under the text Log file directory and the name of the log file beside the text Log file name. 3. Use Explorer to navigate to the log files based on the path and name found in step 2. 4. Right-click on the log file > Select Security. 5. Verify the permissions are as follows: - Auditors & System = Full Control - Administrators & Web Administrators = Read If the permissions are not the same as those listed in step 5, this is a finding. If any account has access to the log files other than those listed in step 5, this is a finding. NOTE: If permission assignment is more restrictive, this is not a finding.
Fix Text
1. Open the IIS Manager > Right click the website being reviewed > Select Properties > Select the Web Site tab > In the Enable logging box select Properties. 2. Note the path listed under the text Log file directory and the name of the log file beside the text Log file name. 3. Use Explorer to navigate to the log files based on the path and name found in step 2. 4. Right-click on the log file > Select Security. 5. Set the permissions as follows: - Auditors & System = Full Control - Administrators & Web Administrators = Read
Additional Identifiers
Rule ID: SV-29398r1_rule
Vulnerability ID: V-13689
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |