The web server must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.

From Web Server Security Requirements Guide

Part of SRG-APP-000108-WSR-000166

Associated with: CCI-000139

SV-70227r2_rule The web server must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.

Vulnerability discussion

Reviewing log data allows an investigator to recreate the path of an attacker and to capture forensic data for later use. Log data is also essential to system administrators in their daily administrative duties on the hosted system or within the hosted applications. If the logging system begins to fail, events will not be recorded. Organizations shall define logging failure events, at which time the application or the logging mechanism the application utilizes will provide a warning to the ISSO and SA at a minimum.

Check content

Review the web server documentation and deployment configuration settings to determine if the web server logging system provides an alert to the ISSO and the SA at a minimum when a processing failure occurs. If alerts are not sent or the web server is not configured to use a dedicated logging tool that meets this requirement, this is a finding.

Fix text

Configure the web server to provide an alert to the ISSO and SA when log processing failures occur. If the web server cannot generate alerts, utilize an external logging system that meets this criterion.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer