Details
Reviewing log data allows an investigator to recreate the path of an attacker and to capture forensic data for later use. Log data is also essential to SAs in their daily administrative duties on the hosted system or within the hosted applications.
If the logging system begins to fail, events will not be recorded. Organizations must define logging failure events, at which time the application or the logging mechanism the application uses will provide a warning to the ISSO and SA at a minimum.
Satisfies: SRG-APP-000108-WSR-000166, SRG-APP-000359-WSR-000065
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Work with the SIEM administrator to configure an alert when no audit data is received from Apache based on the defined schedule of connections.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.
References
- 800-53|AU-5(1)
- 800-53|AU-5a.
- CAT|II
- CCI|CCI-000139
- CCI|CCI-001855
- Rule-ID|SV-214234r612240_rule
- STIG-ID|AS24-U1-000160
- STIG-Legacy|SV-102715
- STIG-Legacy|V-92627
- Vuln-ID|V-214234