WG255 W22 – Access to the web server log files must be restricted to Administrators, the user assigned to run the web server software, Web Manager, and Auditors.

Details

A major tool in exploring the web site use, attempted use, unusual conditions and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and Web Manager with valuable information. Because of the information that is captured in the logs, it is critical that only authorized individuals have access to the logs.

Solution

To ensure the integrity of the data that is being captured in the log files, ensure that only the members of the Auditors group, Administrators, and the user assigned to run the web server software is granted permissions to read the log files.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Apache_2-2_WIN_V1R13_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Audit and Accountability, Configuration Management.This control applies to the following type of system Windows.

References

800-53|AC-6(7)(b)
800-53|AU-9(4)
800-53|CM-6b.
CAT|II
CSCv6|3.1
Rule-ID|SV-40832r1_rule
STIG-ID|WG255_W22
Vuln-ID|V-13689

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles