CCE-27794-7Platform: apache-httpd2.2 | Date: (C)2013-02-19 (M)2022-10-10 |
The Apache system logging should be configured appropriately.
Parameter:
(1) File path | pipe
(2) LogFormat | nickname
Technical Mechanism:
(1) Apache configuration file: CustomLog directive
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
CIS Security Configuration Benchmark For Apache Web Server 2.2 Version 3.1.0 June 11th, 2012 | 1.6.2 Configure the Access Log (Level 1, Scorable)
Add or modify the CustomLog directives in the Apache configuration to use the combined format with an appropriate log file, syslog facility or piped logging utility. CustomLog log/access_log combined
Add a similar CustomLog directives for each virtual host configured if the virtual host will have different people responsible for the web site. Each responsible individual or organization needs access to their own web logs, and needs the skills/training/tools for monitor the logs. page 51 |
CIS Security Configuration Benchmark For Apache Web Server 2.2.0 Version 2.2.0 November 2008 | 1.17 Logging p31 |
DISA STIG Apache SITE 2.2 for Windows Release: 1 Benchmark Date: 23 Nov 2011 | Rule Title: System logging must be enabled.
STIG ID: WA00615 W22 Rule ID: SV-33151r1_rule Vuln ID: V-26281
Severity: CAT II Class: Unclass |
DISA STIG Apache SITE 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011 | Rule Title: System logging must be enabled.
STIG ID: WA00615 A22 Rule ID: SV-33206r1_rule Vuln ID: V-26281
Severity: CAT II Class: Unclass |