Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-41668 | SRG-APP-000116-WSR-000066 | SV-54245r3_rule | Medium |
Description |
---|
Without an internal clock used as the reference for the time stored on each event to provide a trusted common reference for the time, forensic analysis would be impeded. Determining the correct time a particular event occurred on the web server is critical when conducting forensic analysis and investigating system events. If the internal clock is not used, the web server may not be able to provide time stamps for log messages. The web server can use the capability of an operating system or purpose-built module for this purpose. Time stamps generated by the web server shall include both date and time. The time may be expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. |
STIG | Date |
---|---|
Web Server Security Requirements Guide | 2015-08-28 |
Check Text ( C-48065r2_chk ) |
---|
Review the web server documentation and deployment configuration to determine if the internal system clock is used for date and time stamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the log and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for date and time stamps. If the web server does not use the internal system clock to generate time stamps, this is a finding. |
Fix Text (F-47127r2_fix) |
---|
Configure the web server to use internal system clocks to generate date and time stamps for log records. |