STIGQter: STIG Summary: Apache Server 2.4 UNIX Site Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The Apache web server must produce log records containing sufficient information to establish what type of events occurred.

DISA Rule

SV-214279r612241_rule

Vulnerability Number

V-214279

Group Title

SRG-APP-000095-WSR-000056

Rule Version

AS24-U2-000090

Severity

CAT II

CCI(s)

• CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.

Weight

10

Fix Recommendation

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Uncomment the "log_config_module" module line.

Configure the "LogFormat" in the "httpd.conf" file to look like the following:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " common

Restart Apache: apachectl restart

NOTE: Your log format may be using different variables based on your environment, however it should be verified to be producing the same end result of logged elements.

Check Contents

In a command line, run "httpd -M | grep -i log_config_module".

If the "log_config_module" is not enabled, this is a finding.

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Search for the directive "LogFormat" in the httpd.conf file:

# cat /<path_to_file>/httpd.conf | grep -i "LogFormat"

If the "LogFormat" directive is missing or does not look like the following, this is a finding:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " common

Vulnerability Number

V-214279

Documentable

False

Rule Version

AS24-U2-000090

Severity Override Guidance

In a command line, run "httpd -M | grep -i log_config_module".

If the "log_config_module" is not enabled, this is a finding.

Determine the location of the "HTTPD_ROOT" directory and the "httpd.conf" file:

# httpd -V | egrep -i 'httpd_root|server_config_file'
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"

Search for the directive "LogFormat" in the httpd.conf file:

# cat /<path_to_file>/httpd.conf | grep -i "LogFormat"

If the "LogFormat" directive is missing or does not look like the following, this is a finding:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " common

Check Content Reference

M

Target Key

3997

Comments