Details
By default, the logging.properties file will have no defined limit for the log file size. This is a potential denial of service attack as it would be possible to fill a drive or partition containing the log files.
Establishing a maximum log size that is smaller than the partition size will help mitigate the risk of an attacker maliciously exhausting disk space.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
The following example configures a single request log for the entire Jetty Server instance:
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.