ColdFusion log records must be off-loaded onto a different system or media from the system being logged.

From Adobe ColdFusion 11 Security Technical Implementation Guide

Part of SRG-APP-000358-AS-000064

Associated with: CCI-001851

SV-76879r1_rule ColdFusion log records must be off-loaded onto a different system or media from the system being logged.

Vulnerability discussion

Information system logging capability is critical for accurate forensic analysis. Off-loading is a common process in information systems with limited log storage capacity.

Centralized management of log records provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. Application servers and their related components are required to off-load log records onto a different system or media than the system being logged.

ColdFusion offers the capability to set the number of archived log files to keep before overwriting the file, along with the maximum file size before generating an archive. This allows the administrator to set up a scheduled task or a centralized log management system to pull the log files.

Check content

Locate the log file directory by viewing the "Log directory" setting within the "Logging Settings" page under the "Debugging & Logging" menu. Have the administrator show the scheduled task or log management application that accesses this directory and stores the log files to another system or media. If the administrator cannot demonstrate that the log files are being stored to another system or media, this is a finding.

Fix text

Configure a scheduled task or log management application to store the log files to another system or media.
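One way to implement the scheduled task, as an added example that is not part of the STIG or Adobe's tooling: a Python script that copies everything in the ColdFusion log directory to a destination on another system or media and never overwrites an earlier copy, so an archive that ColdFusion later rotates over is still preserved. It assumes the destination is reachable as a path (for example a mounted share) and that cron or Task Scheduler runs it more often than the archives roll over; `offload_logs` and `sha256_of` are names chosen here.

```python
import hashlib
import os
import shutil
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large logs are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def offload_logs(log_dir: str, dest_dir: str) -> list[str]:
    """Copy every log file to dest_dir; return names of the copies written."""
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    written = []
    for src in sorted(Path(log_dir).iterdir()):
        if not src.is_file() or src.is_symlink():
            continue  # skip subdirectories and links out of the log directory
        before = sha256_of(src)
        # Content-addressed name: when ColdFusion overwrites an archive,
        # the new content gets a new name and the old copy is untouched.
        # The active log also gets a new copy each time it has grown.
        target = dest / f"{src.name}.{before[:16]}"
        if target.exists():
            continue  # this exact content is already off-loaded
        partial = dest / (target.name + ".partial")
        shutil.copy2(src, partial)
        if sha256_of(partial) != before:
            partial.unlink()  # source changed mid-copy; the next run retries
            continue
        os.replace(partial, target)  # publish only a verified copy
        written.append(target.name)
    return written


if __name__ == "__main__":
    import sys
    # Usage (paths are the administrator's own): script.py <log dir> <dest dir>
    for name in offload_logs(sys.argv[1], sys.argv[2]):
        print("off-loaded", name)
```

The list of names the function returns (or the script prints) can be kept as evidence for the check above that the log files are being stored to another system or media.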
