UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Audit data is sharing directories or partitions with the E-mail application.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18732 EMG3-823 Exch2K3 SV-20407r1_rule DCPA-1 Medium
Description
Log files help establish a history of activities, and can be useful in detecting attack attempts or determining tuning adjustments to improve availability. Audit log content must always be considered sensitive, and in need of protection. Successful exploit of an application server vulnerability may well be logged by monitoring or audit processes when it occurs. By writing log and audit data to a separate directory or partition where separate security contexts protect them, it offers the ability to protect this information from being modified or removed by the exploit mechanism.
STIG Date
Microsoft Exchange Server 2003 2014-08-19

Details

Check Text ( C-22453r1_chk )
Verify that audit file location is in a different directory than the default, or on a different partition than the default.

Procedure: Exchange System manager >>Administrative Groups >> [administrative group] >> servers >> [server name]>> Properties >> general tab

The location should not be the default of %systemroot%\program files\exchangesvr\servername.log. (where servername is the actual name of the server being reviewed.

Criteria: If E-mail logs or audit data are configured to a location other than the default of %systemroot%\program files\exchangesvr\servername.log this is not a finding.
Fix Text (F-19381r1_fix)
Specify different host system disk partitions or directories for Exchange log files.

Procedure: Exchange System manager >>Administrative Groups >> [administrative group] >> Servers >> [server name]>> Properties >> General tab

Choose a location other than the default of "%systemroot%\program files\exchangesvr\servername.log" for the log file location.