STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jan 2020: The log information from the Apache web server must be protected from unauthorized modification or deletion.

DISA Rule

SV-102719r1_rule

Vulnerability Number

V-92631

Group Title

SRG-APP-000119-WSR-000069

Rule Version

AS24-U1-000190

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Determine the location of the "ErrorLog" directory in the "httpd.conf" file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Open the "httpd.conf" file.

Look for the "ErrorLog" directive.

Ensure the permissions and ownership of all files in the Apache log directory are correct by executing the following commands as an administrative service account:

# chown <'service account'> <'ErrorLog directive PATH'>/*

Check Contents

Verify that the log information from the web server is protected from unauthorized modification.

Review the web server documentation and deployed configuration settings to determine if the web server logging features protect log information from unauthorized modification.

Review file system settings to verify the log files have secure file permissions. Run the following command:

ls -l <'INSTALL PATH'>/logs

If the web server log files present are owned by anyone other than an administrative service account, this is a finding.
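
The ownership check above can be scripted so that it returns a pass/fail status instead of relying on a manual read of the "ls -l" output. The following is an added example, not part of the STIG text: the function name "audit_log_owner" is hypothetical, the log directory and the administrative service account are supplied by the caller, and unlike "ls -l" it also descends into subdirectories of the log directory.

```shell
#!/bin/sh
# Added example (not from the STIG): audit ownership of Apache log files.
# Usage: audit_log_owner LOG_DIR EXPECTED_OWNER
#   LOG_DIR        - the log directory (the ErrorLog path or <INSTALL PATH>/logs)
#   EXPECTED_OWNER - the administrative service account (name or numeric UID)
# Returns 0 if every regular file is owned by EXPECTED_OWNER,
#         1 if at least one file is not (a finding),
#         2 on usage or scan errors.
audit_log_owner() {
    log_dir=$1
    expected=$2

    if [ -z "$log_dir" ] || [ -z "$expected" ]; then
        echo "usage: audit_log_owner LOG_DIR EXPECTED_OWNER" >&2
        return 2
    fi
    if [ ! -d "$log_dir" ]; then
        echo "error: $log_dir is not a directory" >&2
        return 2
    fi

    # -H follows LOG_DIR itself when it is a symlink, so a logs directory
    # that links elsewhere is still scanned. "! -user" selects only files
    # whose owner differs from the expected account; file names containing
    # spaces are passed to ls intact by -exec.
    findings=$(find -H "$log_dir" -type f ! -user "$expected" \
        -exec ls -ld {} +) || {
        echo "error: could not scan $log_dir (unknown account or unreadable path?)" >&2
        return 2
    }

    if [ -n "$findings" ]; then
        printf 'FINDING: files not owned by %s:\n%s\n' "$expected" "$findings"
        return 1
    fi
    printf 'OK: every log file under %s is owned by %s\n' "$log_dir" "$expected"
    return 0
}

# Run the audit only when both arguments are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_log_owner "$1" "$2"
fi
```

Because the exit status distinguishes a finding (1) from a scan error (2), the function can be called from a scheduled compliance job without parsing its output.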

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3413

Comments