UCF STIG Viewer Logo

The Apache web server must use a logging mechanism that is configured to alert the (ISSO) and System Administrator (SA) in the event of a processing failure.


Overview

Finding ID Version Rule ID IA Controls Severity
V-214313 AS24-W1-000160 SV-214313r505936_rule Medium
Description
Reviewing log data allows an investigator to recreate the path of an attacker and to capture forensic data for later use. Log data is also essential to system administrators in their daily administrative duties on the hosted system or within the hosted applications. If the logging system begins to fail, events will not be recorded. Organizations must define logging failure events, at which time the application or the logging mechanism the application uses will provide a warning to the ISSO and SA at a minimum.
STIG Date
Apache Server 2.4 Windows Server Security Technical Implementation Guide 2020-09-25

Details

Check Text ( C-15525r277442_chk )
Work with the SIEM administrator to determine if an alert is configured when audit data is no longer received as expected.

If there is no alert configured, this is a finding.
Fix Text (F-15523r277443_fix)
Work with the SIEM administrator to configure an alert when no audit data is received from Apache based on the defined schedule of connections.