STIGQter: STIG Summary: APACHE 2.2 Site for Windows Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 25 Jan 2019:

The sites error logs must log the correct format.

DISA Rule

SV-33149r1_rule

Vulnerability Number

V-26280

Group Title

WA00612

Rule Version

WA00612 W22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the configuration file/s and add LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\"" combined

Check Contents

Locate the Apache httpd.conf file.

If unable to locate the file, perform a search of the system to find the location of the file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: LogFormat

The minimum items to be logged are as shown in the sample below:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\"" combined

Verify the information following the LogFormat directive meets or exceeds the minimum requirement above. If any LogFormat directive does not meet this requirement, this is a finding.

Vulnerability Number

V-26280

Documentable

False

Rule Version

WA00612 W22

Severity Override Guidance

Locate the Apache httpd.conf file.

If unable to locate the file, perform a search of the system to find the location of the file.

Open the httpd.conf file with an editor such as notepad, and search for the following uncommented directive: LogFormat

The minimum items to be logged are as shown in the sample below:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\"" combined

Verify the information following the LogFormat directive meets or exceeds the minimum requirement above. If any LogFormat directive does not meet this requirement, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments