
Audit data is sharing directories or partitions with the E-mail application.


Overview

Finding ID: V-18732
Version: EMG3-823 Exch2K3
Rule ID: SV-20407r1_rule
IA Controls: DCPA-1
Severity: Medium
Description
Log files help establish a history of activities and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Audit log content must always be considered sensitive and in need of protection. A successful exploit of an application server vulnerability may well be logged by monitoring or audit processes when it occurs. Writing log and audit data to a separate directory or partition, where separate security contexts protect them, makes it possible to protect this information from being modified or removed by the exploit mechanism.
STIG: Microsoft Exchange Server 2003
Date: 2014-08-19

Details

Check Text (C-22453r1_chk)
Verify that the audit file location is in a different directory than the default, or on a different partition than the default.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> Properties >> General tab

The location should not be the default of %systemroot%\program files\exchangesvr\servername.log (where servername is the actual name of the server being reviewed).

Criteria: If E-mail logs or audit data are configured to a location other than the default of %systemroot%\program files\exchangesvr\servername.log, this is not a finding.
Fix Text (F-19381r1_fix)
Specify different host system disk partitions or directories for Exchange log files.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server name] >> Properties >> General tab

Choose a location other than the default of "%systemroot%\program files\exchangesvr\servername.log" for the log file location.