From Apache Server 2.4 UNIX Server Security Technical Implementation Guide
Part of SRG-APP-000120-WSR-000070
Associated with: CCI-000164
Log data is essential in the investigation of events. The accuracy of the information is always pertinent. Information that is not accurate does not help in revealing potential security risks and may hinder the early discovery of a system compromise. One of the first steps an attacker will undertake is the modification or deletion of log records to cover his tracks and prolong discovery.
Verify the log information from the web server must be protected from unauthorized modification. Review the web server documentation and deployed configuration settings to determine if the web server logging features protect log information from unauthorized modification. Review file system settings to verify the log files have secure file permissions. Run the following command: ls -l <'INSTALL PATH'>/logs If the web server log files present are owned by anyone other than root, this is a finding.
Determine the location of the "ErrorLog" directory in the "httpd.conf" file: # httpd -V | egrep -i 'httpd_root|server_config_file' -D HTTPD_ROOT="/etc/httpd" -D SERVER_CONFIG_FILE="conf/httpd.conf" Open the "httpd.conf" file. Look for the "ErrorLog" directive. Ensure the permissions and ownership of all files in the Apache log directory are correct by executing the following commands as root: # chown root.root <'ErrorLog directive PATH'>/*
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer