UCF STIG Viewer Logo

Access to the web site log files must be restricted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-13689 WG255 IIS6 SV-29398r1_rule ECTP-1 Medium
Description
A major tool in exploring the web site use, attempted use, unusual conditions, and problems are the access and error logs. In the event of a security incident, these logs can provide the SA and the web manager with valuable information. Failure to protect log files could enable an attacker to modify the log file data or falsify events to mask an attacker's activity.
STIG Date
IIS6 Site 2015-06-01

Details

Check Text ( C-30017r1_chk )
1. Open the IIS Manager > Right click the website being reviewed > Select Properties > Select the Web Site tab > in the Enable logging box select Properties.
2. Note the path listed under the text Log file directory and the name of the log file beside the text Log file name.
3. Use Explorer to navigate to the log files based on the path and name found in step 2.
4. Right-click on the log file > Select Security.
5. Verify the permissions are as follows:

- Auditors & System = Full Control
- Administrators & Web Administrators = Read

If the permissions are not the same as those listed in step 5, this is a finding.
If any account has access to the log files other than those listed in step 5, this is a finding.

NOTE: If permission assignment is more restrictive, this is not a finding.
Fix Text (F-32678r1_fix)
1. Open the IIS Manager > Right click the website being reviewed > Select Properties > Select the Web Site tab > In the Enable logging box select Properties.
2. Note the path listed under the text Log file directory and the name of the log file beside the text Log file name.
3. Use Explorer to navigate to the log files based on the path and name found in step 2.
4. Right-click on the log file > Select Security.
5. Set the permissions as follows:

- Auditors & System = Full Control
- Administrators & Web Administrators = Read