OHS must have a log file defined for each site/virtual host to capture information to be used by external applications or entities to monitor and control remote access.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-64171	OH12-1X-000026	SV-78661r1_rule		Medium

Description
Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. By providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server. Examples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.

Description

Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. By providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server. Examples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.

STIG	Date
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide	2020-06-12

Details

Check Text ( C-64923r1_chk )
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.

Check Text ( C-64923r1_chk )

Fix Text (F-70101r1_fix)
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "" directive. 2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes. 3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""\|\|${PRODUCT_HOME}/bin/odl_rotatelogs 43200" dod", add the directive if it does not exist unless inherited from a larger scope. 3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""\|\|${PRODUCT_HOME}/bin/odl_rotatelogs 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.

Fix Text (F-70101r1_fix)

1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "" directive.

2. Search for the "CustomLog" directive at the OHS server and virtual host configuration scopes.

3a. If the virtual host is NOT configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs 43200" dod", add the directive if it does not exist unless inherited from a larger scope.
3b. If the virtual host is configured for SSL, set the "CustomLog" directive to ""||${PRODUCT_HOME}/bin/odl_rotatelogs 43200" dod_ssl", add the directive if it does not exist unless inherited from a larger scope.