STIGQter: STIG Summary: Apache Server 2.4 UNIX Server Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

The Apache web server log files must only be accessible by privileged users.

DISA Rule

SV-214235r612240_rule

Vulnerability Number

V-214235

Group Title

SRG-APP-000118-WSR-000068

Rule Version

AS24-U1-000180

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To protect the integrity of the data that is being captured in the log files, ensure that only the members of the Auditors group, Administrators, and the user assigned to run the web server software are granted permissions to read the log files.

Check Contents

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Review the log file location.

To determine permissions for log files, from the command line, navigate to the directory where the log files are located and enter the following command:

ls -alH <HTTPD_ROOT>/log*

Note the owner and group permissions on these files. Only system administrators and service accounts running the server should have permissions to the files.

If any users other than those authorized have read access to the log files, this is a finding.
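
An added example (not part of the STIG text): a shell function that automates the check above by listing log files that are world-readable, or group-readable by a group outside the authorized list. The function names, the argument layout and the scratch-directory demo are assumptions for illustration; the authorized groups are supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of the STIG. Lists log files that accounts outside
# the authorized set can read. Usage: audit_httpd_logs LOG_DIR GROUP...
# GROUP... are the authorized groups (names or numeric GIDs, chosen by the caller).
audit_httpd_logs() {
    log_dir=$1
    shift
    n=$#
    # Turn each authorized group into a "! -group NAME" find test.
    for g in "$@"; do
        set -- "$@" ! -group "$g"
    done
    shift "$n"
    # Finding if: world-readable, or group-readable by an unauthorized group.
    # -H follows a symlinked log directory, matching "ls -alH" in the check.
    findings=$(find -H "$log_dir" -type f \
        \( -perm -004 -o \( -perm -040 "$@" \) \) -print | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a scratch directory with one compliant and two
# non-compliant files, audited with the caller's primary group authorized.
demo_audit() {
    scratch=$(mktemp -d) || return 2
    touch "$scratch/access_log" "$scratch/error_log" "$scratch/ssl_request_log"
    chgrp "$(id -g)" "$scratch"/*
    chmod 640 "$scratch/access_log"        # owner + authorized group: OK
    chmod 644 "$scratch/error_log"         # world-readable: finding
    chmod 604 "$scratch/ssl_request_log"   # world-readable: finding
    audit_httpd_logs "$scratch" "$(id -g)" | sed "s|^$scratch/||"
    rm -rf "$scratch"
}

demo_audit
```

The function returns 1 and prints the offending paths when there is a finding, and returns 0 with no output when every log file is restricted to its owner and the authorized groups.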

Documentable

False

Check Content Reference

M

Target Key

3996
