Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-13689 | WG255 IIS6 | SV-29398r1_rule | ECTP-1 | Medium |
Description |
---|
A major tool in exploring the web site use, attempted use, unusual conditions, and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and the web manager with valuable information. Failure to protect log files could enable an attacker to modify the log file data or falsify events to mask an attacker's activity. |
STIG | Date |
---|---|
IIS6 Site | 2015-06-01 |
Check Text ( C-30017r1_chk ) |
---|
1. Open the IIS Manager > Right click the website being reviewed > Select Properties > Select the Web Site tab > in the Enable logging box select Properties. 2. Note the path listed under the text Log file directory and the name of the log file beside the text Log file name. 3. Use Explorer to navigate to the log files based on the path and name found in step 2. 4. Right-click on the log file > Select Security. 5. Verify the permissions are as follows: - Auditors & System = Full Control - Administrators & Web Administrators = Read If the permissions are not the same as those listed in step 5, this is a finding. If any account has access to the log files other than those listed in step 5, this is a finding. NOTE: If permission assignment is more restrictive, this is not a finding. |
Fix Text (F-32678r1_fix) |
---|
1. Open the IIS Manager > Right click the website being reviewed > Select Properties > Select the Web Site tab > In the Enable logging box select Properties. 2. Note the path listed under the text Log file directory and the name of the log file beside the text Log file name. 3. Use Explorer to navigate to the log files based on the path and name found in step 2. 4. Right-click on the log file > Select Security. 5. Set the permissions as follows: - Auditors & System = Full Control - Administrators & Web Administrators = Read |