The application server must use cryptographic mechanisms to protect the integrity of log information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-204739	SRG-APP-000126-AS-000085	SV-204739r508029_rule		Medium

Description
Protecting the integrity of log records helps to ensure log files are not tampered with. Cryptographic mechanisms are the industry-established standard used to protect the integrity of log data. An example of cryptographic mechanisms is the computation and application of a cryptographic hash and using asymmetric cryptography with digital signatures. Application Servers often write log data to files on the file system. These files typically roll over on a periodic basis. Once the logs are rolled over, hashing and signing the logs assures the logs are not tampered with and helps to assure log integrity.

Description

Protecting the integrity of log records helps to ensure log files are not tampered with. Cryptographic mechanisms are the industry-established standard used to protect the integrity of log data. An example of cryptographic mechanisms is the computation and application of a cryptographic hash and using asymmetric cryptography with digital signatures. Application Servers often write log data to files on the file system. These files typically roll over on a periodic basis. Once the logs are rolled over, hashing and signing the logs assures the logs are not tampered with and helps to assure log integrity.

STIG	Date
Application Server Security Requirements Guide	2021-12-10

Details

Check Text ( C-4859r282864_chk )
Review the application server documentation and configuration to determine if the application server can be configured to protect the integrity of log data using cryptographic hashes and digital signatures. Configure the application server to hash and sign log data. This is typically done the moment when log files cease to be written to and are rolled over for storage or offloading. Alternatively, if the application server is not able to hash and sign log data, the task can be delegated by configuring the application server or underlying OS to send logs to a centralized log management system or SIEM that can meet the requirement. If the application server is not configured to hash and sign logs, or is not configured to utilize the aforementioned OS and centralized log management resources to meet the requirement, this is a finding.

Check Text ( C-4859r282864_chk )

Review the application server documentation and configuration to determine if the application server can be configured to protect the integrity of log data using cryptographic hashes and digital signatures. Configure the application server to hash and sign log data. This is typically done the moment when log files cease to be written to and are rolled over for storage or offloading.

Alternatively, if the application server is not able to hash and sign log data, the task can be delegated by configuring the application server or underlying OS to send logs to a centralized log management system or SIEM that can meet the requirement.

If the application server is not configured to hash and sign logs, or is not configured to utilize the aforementioned OS and centralized log management resources to meet the requirement, this is a finding.

Fix Text (F-4859r282865_fix)
Configure the application server to hash and sign logs using cryptographic means. Alternatively, configure the application server or OS to send logs to a centralized log server that meets the hashing and signing requirement.