UCF STIG Viewer Logo

Log file access must be restricted to System Administrators, Web Administrators or Auditors.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2252 WG250 W22 SV-33135r1_rule ECTP-1 Medium
Description
A major tool in exploring the web site use, attempted use, unusual conditions and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and Web Manager with valuable information. To ensure the integrity of the log files and protect the SA and Web Manager from a conflict of interest related to the maintenance of these files, only the members of the Auditors group will be granted permissions to move, copy and delete these files in the course of their duties related to the archiving of these files.
STIG Date
APACHE SITE 2.0 for Windows 2014-12-05

Details

Check Text ( C-33787r1_chk )
Locate the Apache httpd.conf file.

If unable to locate the file, perform a search of the system to find the location of the file.

Open the httpd.conf file with an editor such as Notepad, and search for the following uncommented directives: ErrorLog & CustomLog

Navigate to the location of the file specified after each enabled ErrorLog & CustomLog directive and verify the permissions assigned to these files. Right click on the file to be examined. Select Properties > Select the “Security” tab. Permissions greater than Read & Execute should be allowed for only the account assigned to the Apache server service, and the Auditors Group. If the SA, Web Manager or users other than the Auditors group have greater than read access to the log files, this is a finding. If anyone other than the Auditors, Administrators, Web Managers, or the account assigned to the Apache server service has access to the log files, this is a finding.
Fix Text (F-29431r1_fix)
Remove the unauthorized permissions from the applicable accounts.