Logging Directives should be restricted to authorized users. - 'LogFormat'

Information

The server logs are invaluable for a variety of reasons. They can be used to determine what resources are being used most. They can also be used to spot any potential problems before they become serious. Most importantly, they can be used to watch for anomalous behaviour that may be an indication that an attack is pending or has occurred. If there are multiple web sites, or with large websites with multiple people responsible for portions of the web site, each responsible individual or organization needs access to their own web logs, and needs the skills/training/tools for monitoring the logs.
NOTE - Check output for LogFormat '%h %l %u %t \'%r\' %>s %b '%{Accept}i' '%{Referrer}i' '%{User-Agent}i'' combined

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Edit the httpd.conf file and add the following:-
LogLevel notice
ErrorLog logs/error_log
LogFormat '%h %l %u %t \'%r\' %>s %b '%{Accept}i' '%{Referrer}i' '%{User-Agent}i'' combined
CustomLog logs/access_log combined

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(4)

Plugin: Windows

Control ID: 3768ae184a8a95759477762c68c1baf4944eaaa68327ea1857bbdf8f573d36eb