[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-41972-1

Platform: cpe:/o:microsoft:windows_10Date: (C)2016-09-23   (M)2023-07-04



'Specify the maximum log file size (KB) (Application Log)' for MaxSize (Min:1024 Max:2147483647 kb) This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments. If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes. Counter Measure: Enable this policy setting and select "32768. Potential Impact: When event logs fill to capacity, they will stop recording information unless the retention method for each is set so that the computer will overwrite the oldest entries with the most recent ones. To mitigate the risk of loss of recent data, you can configure the retention method so that older events are overwritten as needed. The consequence of this configuration is that older events will be removed from the logs. Attackers can take advantage of such a configuration, because they can generate a large number of extraneous events to overwrite any evidence of their attack. These risks can be somewhat reduced if you automate the archival and backup of event log data. Ideally, all specifically monitored events should be sent to a server that uses Microsoft Operations Manager (MOM) or some other automated monitoring tool. Such a configuration is particularly important because an attacker who successfully compromises a server could clear the Security log. If all events are sent to a monitoring server, then you will be able to gather forensic information about the attacker's activities."


Parameter:

[max log size]


Technical Mechanism:

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsEvent Log ServiceApplicationSpecify the maximum log file size (KB) (Application Log) (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsEventLogApplicationMaxSize

CCSS Severity:CCSS Metrics:
CCSS Score : 7.0Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 4.7Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HScope: UNCHANGED
 Confidentiality: LOW
 Integrity: LOW
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:35042


OVAL    1
oval:org.secpod.oval:def:35042
XCCDF    6
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_10
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
xccdf_org.secpod_benchmark_SecPod_Windows_10
...

© SecPod Technologies