From Apache Server 2.4 Windows Server Security Technical Implementation Guide
Part of SRG-APP-000092-WSR-000055
Associated with: CCI-001464
An attacker can compromise a web server during the startup process. If logging is not initiated until all the Apache web server processes are started, key information may be missed and not available during a forensic investigation. To ensure all logable events are captured, the Apache web server must begin logging once the first Apache web server process is initiated.
In a command line, navigate to "<'INSTALLED PATH'>\bin". Run "httpd -M" to view a list of installed modules. If the "log_config_module" is not enabled, this is a finding.
Uncomment the "log_config_module" module line in the <'INSTALL PATH'>\conf\httpd.conf file. Restart the Apache service.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer