OHS must have the RewriteLog directive set properly.

From Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

Part of SRG-APP-000516-WSR-000174

Associated with: CCI-000366

SV-79141r1_rule OHS must have the RewriteLog directive set properly.

Vulnerability discussion

Specifying where the log files are written gives the system administrator the capability to store the files in a location other than the default, with system files or in a globally accessible location. The system administrator can also specify a location that is accessible by any enterprise tools that may use the logged data to give a picture of the overall enterprise security posture. If a file is not specified, OHS will still generate the log data, but it is not written and therefore, cannot be used to monitor the system or for forensic analysis.

Check content

1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "" directive. 2. Search for the "RewriteLog" directive at the OHS server and virtual host configuration scopes. 3. If the directive is omitted or set improperly, this is a finding unless inherited from a larger scope. 4. Validate that the folder specified exists. If the folder does not exist, this is a finding.

Fix text

1. As required, open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf and every .conf file (e.g., ssl.conf) included in it with an editor that contains a "" directive. 2. Search for the "RewriteLog" directive at the OHS server and virtual host configuration scopes. 3. Set the "RewriteLog" directive to the same location as the "CustomLog" directive; add the directive if it does not exist unless inherited from a larger scope.

Pro Tips

Powered by sagemincer