UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Users other than Auditors group must not have greater than read access to log files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2252 WG250 IIS6 SV-30017r1_rule ECTP-1 Medium
Description
A major tool in exploring the web site use, attempted use, unusual conditions, and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and the Web Manager with valuable information. To ensure the integrity of the log files and protect the SA and Web Manager from a conflict of interest related to the maintenance of these files, only the members of the Auditors group will be granted permissions to move, copy, and delete these files in the course of their duties related to the archiving of these files.
STIG Date
IIS6 Site 2014-12-10

Details

Check Text ( C-29939r1_chk )
1. Open the IIS Manager > Expand the Web Sites directory > Right click on the site being reviewed and select properties.
2. Select the Web Site tab > Click on the properties button beside the log format dropdown.
3. Note the log file path under Log file directory.
4. Navigate to this location.
5. Right click on the directories and files in this location > Select properties > Select the Security tab.
6. Ensure only the System, Administrators, and Auditors group have greater than Read permission.

If any users or groups, other than System, Administrators, or Auditors, have greater than read permission to the log directories and files, this is a finding.

NOTE: The Auditor group does not have to have the name Auditors, but the site will need to identify the group containing the auditors.
Fix Text (F-32675r1_fix)
Ensure only the System, Administrators, and Auditors group has greater than read permission to the log files.