STIGQter: STIG Summary: APACHE 2.2 Site for UNIX Security Technical Implementation Guide Version: 1 Release: 11 Benchmark Date: 25 Jan 2019:

System logging must be enabled.

DISA Rule

SV-33206r1_rule

Vulnerability Number

V-26281

Group Title

WA00615

Rule Version

WA00615 A22

Severity

CAT II

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Edit the httpd.conf file and configure to load the log_config_module. Configure with ErrorLog and CustomLog directives to ensure comprehensive system and access logging.

Check Contents

Enter the following command:

grep "CustomLog" /usr/local/apache2/conf/httpd.conf

The command should return the following value:.

CustomLog "Logs/access_log" common

If the above value is not returned, this is a finding.

Vulnerability Number

V-26281

Documentable

False

Rule Version

WA00615 A22

Severity Override Guidance

Check Content Reference

Responsibility

Web Administrator

Target Key

161

System logging must be enabled.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments