STIGQter: STIG Summary: APACHE 2.2 Site for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

The sites error logs must log the correct format.

DISA Rule

SV-33203r1_rule

Vulnerability Number

V-26280

Group Title

WA00612

Rule Version

WA00612 A22

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the httpd.conf file and add LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " combined

Check Contents

Enter the following command:

grep "LogFormat" /usr/local/apache2/conf/httpd.conf.

The command should return the following value:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " combined.

If the above value is not returned, this is a finding.

Vulnerability Number

V-26280

Documentable

False

Rule Version

WA00612 A22

Severity Override Guidance

Enter the following command:

grep "LogFormat" /usr/local/apache2/conf/httpd.conf.

The command should return the following value:

LogFormat "%a %A %h %H %l %m %s %t %u %U \"%{Referer}i\" " combined.

If the above value is not returned, this is a finding.

Check Content Reference

M

Responsibility

Web Administrator

Target Key

161

Comments