STIGQter: STIG Summary: Apache Server 2.4 Windows Server Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The Apache web server must produce log records containing sufficient information to establish what type of events occurred.

DISA Rule

SV-214311r505936_rule

Vulnerability Number

V-214311

Group Title

SRG-APP-000095-WSR-000056

Rule Version

AS24-W1-000090

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the "LogFormat" in the "httpd.conf" file to look like the following:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " combined

Restart the Apache service.

NOTE: Your log format may use different variables depending on your environment; however, it should be verified to produce the same end result of logged elements.

Check Contents

Items to be logged are as shown in this sample line in the <'INSTALL PATH'>\conf\httpd.conf file:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " combined

If the web server is not configured to capture the required audit events for all sites and virtual directories, this is a finding.
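
One way to automate this check, as an added example (not part of the STIG or of STIGQter): a Python script that reads the LogFormat directives from httpd.conf text and lists which of the fields in the sample line each format lacks. The function names and the sample configuration are constructed for illustration, and treating "%>s" as satisfying "%s" is an assumption about what counts as the same end result.

```python
import re

# Fields from the sample LogFormat line in the check text (header name lowercased).
REQUIRED = {"%a", "%A", "%h", "%H", "%l", "%m", "%s", "%t", "%u", "%U",
            "%{referer}i"}

# LogFormat "<format, may contain \" escapes>" [nickname]; "#" lines never match.
LOGFORMAT_RE = re.compile(
    r'^[ \t]*LogFormat[ \t]+"((?:[^"\\\n]|\\.)*)"(?:[ \t]+(\S+))?',
    re.IGNORECASE | re.MULTILINE)

# "%", optional status-code condition, optional < or >, optional {arg}, letter.
SPEC_RE = re.compile(r'%(?:!?\d+(?:,\d+)*)?[<>]?(?:\{([^}]*)\})?([A-Za-z])')

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = r'''
#LogFormat "%h %l %u" disabled
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%a %A %h %H %l %m %>s %t %u %U \"%{referer}i\" " combined
'''


def specifiers(fmt):
    """Return the normalized set of format specifiers used in a format string."""
    found = set()
    for m in SPEC_RE.finditer(fmt.replace("%%", "")):  # "%%" is a literal percent
        arg, letter = m.groups()
        # Assumption: "%>s" counts as "%s"; header names compare case-insensitively.
        found.add(f"%{{{arg.lower()}}}{letter}" if arg else f"%{letter}")
    return found


def audit(conf_text):
    """Map each LogFormat nickname to the sorted list of required fields it lacks."""
    results = {}
    for m in LOGFORMAT_RE.finditer(conf_text):
        nickname = m.group(2) or "(no nickname)"
        results[nickname] = sorted(REQUIRED - specifiers(m.group(1)))
    return results


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_CONF).items():
        print(name, "OK" if not missing else "MISSING " + " ".join(missing))
```

The script checks LogFormat definitions only; confirming that every site's CustomLog directive references a compliant format is still a separate step.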

Documentable

False

Severity Override Guidance

Items to be logged are as shown in this sample line in the <'INSTALL PATH'>\conf\httpd.conf file:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " combined

If the web server is not configured to capture the required audit events for all sites and virtual directories, this is a finding.

Check Content Reference

M

Target Key

3998
