The application must log application shutdown events.

From Application Security and Development Security Technical Implementation Guide

Part of SRG-APP-000095

Associated with: CCI-000130

SV-84043r1_rule The application must log application shutdown events.

Vulnerability discussion

Forensics is a large part of security incident response. Applications must provide a record of their actions so application events can be investigated post-event. Attackers may attempt to shut off the application logging capability to cover their activity while on the system. Recording the shutdown event and the time it occurred in the application or system logs helps to provide forensic evidence that aids in investigating the events.

Check content

Review and monitor the application and system logs. If an application shutdown event is not recorded in the logs, either initiate a shutdown event and review the logs after reestablising access or request backup copies of the application or system logs that indicate shutdown events are being recorded. Alternatively, check for a setting within the application that controls application logging events and determine if application shutdown logging is configured. If the application is not recording application shutdown events in either the application or system log, or if the application is not configured to record shutdown events, this is a finding.

Fix text

Configure the application or application server to record application shutdown events in the event logs.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer