STIGQter STIGQter: STIG Summary: Oracle HTTP Server 12.1.3 Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 24 Jul 2020:

OHS must have a SSL log format defined for log records generated to capture sufficient information to establish when an event occurred.

DISA Rule

SV-78691r1_rule

Vulnerability Number

V-64201

Group Title

SRG-APP-000096-WSR-000057

Rule Version

OH12-1X-000055

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes.

3. Set the "LogFormat" directive to ""%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" ecid:%E xfor:%{X-Forwarded-For}i sslprot:%{SSL_PROTOCOL}x ciph:%{SSL_CIPHER}x" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.

Check Contents

1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes.

3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.

Vulnerability Number

V-64201

Documentable

False

Rule Version

OH12-1X-000055

Severity Override Guidance

1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS/<componentName>/httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "<VirtualHost>" directive.

2. Search for the "LogFormat" directive with a nickname of "dod_ssl" at the OHS server and virtual host configuration scopes.

3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope.

Check Content Reference

M

Target Key

2753

Comments