Check: IIST-SV-000145
Microsoft IIS 10.0 Server STIG:
IIST-SV-000145
(in versions v2 r10 through v1 r1)
Title
The IIS 10.0 web server must use a logging mechanism configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 10.0 web server. (Cat II impact)
Discussion
To ensure the logging mechanism used by the web server has sufficient storage capacity in which to write the logs, the logging mechanism must be able to allocate log record storage capacity. The task of allocating log record storage capacity is usually performed during initial installation of the logging mechanism. The system administrator will usually coordinate the allocation of physical drive space with the web server administrator along with the physical location of the partition and disk. Refer to NIST SP 800-92 for specific requirements on log rotation and storage dependent on the impact of the web server.
Check Content
Open the IIS 10.0 Manager. Click the IIS 10.0 web server name. Under "IIS" double-click the "Logging" icon. In the "Logging" configuration box, determine the "Directory:" to which the "W3C" logging is being written. Confirm with the System Administrator that the designated log path is of sufficient size to maintain the logging. Under "Log File Rollover", verify "Do not create new log files" is not selected. Verify a schedule is configured to rollover log files on a regular basis. Consult with the System Administrator to determine if there is a documented process for moving the log files off of the IIS 10.0 web server to another logging device. If the designated logging path device is not of sufficient space to maintain all log files, and there is not a schedule to rollover files on a regular basis, this is a finding.
Fix Text
Open the IIS 10.0 Manager. Click the IIS 10.0 web server name. Under "IIS" double-click on the "Logging" icon. If necessary, in the "Logging" configuration box, re-designate a log path to a location able to house the logs. Under "Log File Rollover", de-select the "Do not create new log files" setting. Configure a schedule to rollover log files on a regular basis.
Additional Identifiers
Rule ID: SV-218815r879730_rule
Vulnerability ID: V-218815
Group Title: SRG-APP-000357-WSR-000150
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001849 |
The organization allocates audit record storage capacity in accordance with organization-defined audit record storage requirements. |
Controls
Number | Title |
---|---|
AU-4 |
Audit Storage Capacity |