From Application Security and Development Security Technical Implementation Guide
Part of SRG-APP-000381
Associated with: CCI-001814
Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be available for forensic investigation for after-the-fact actions.
Review the application documentation and configuration settings. Access the application configuration settings interface as a privileged user. Make configuration changes to the application. Review the application audit logs and ensure a log entry is made identifying the privileged user account that was used to make the changes. If application configuration is maintained by using a text editor to modify a configuration file, modify the configuration file with a text editor. Review the system logs and ensure a log entry is made for the file modification that identifies the user that was used to make the changes. If the user account is not logged, or is a group account such as "root", this is a finding. If the user account used to make the changes is not logged in the audit records, this is a finding.
Configure the application to create log entries that can be used to identify the user accounts that make application configuration changes.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer