Check: SRG-APP-000125-WSR-000071
Web Server SRG:
SRG-APP-000125-WSR-000071
(in versions v4 r2 through v2 r2)
Title
The log data and records from the web server must be backed up onto a different system or media. (Cat II impact)
Discussion
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up log records to an unrelated system or onto separate media than the system the web server is actually running on helps to assure that, in the event of a catastrophic system failure, the log records will be retained.
Check Content
Review the web server documentation and deployed configuration to determine if the web server log records are backed up onto an unrelated system or media than the system being logged. If the web server logs are not backed up onto a different system or media than the system being logged, this is a finding.
Fix Text
Configure the web server logs to be backed up onto a different system or media other than the system being logged.
Additional Identifiers
Rule ID: SV-206371r960948_rule
Vulnerability ID: V-206371
Group Title: SRG-APP-000125
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001348 |
Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component than the system or component being audited. |
Controls
| Number | Title |
|---|---|
| AU-9(2) |
Audit Backup On Separate Physical Systems / Components |