UCF STIG Viewer Logo

OHS must have a log directory location defined to generate information for use by external applications or entities to monitor and control remote access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-221291 OH12-1X-000021 SV-221291r879521_rule Medium
Description
Remote access to the web server is any access that communicates through an external, non-organization-controlled network. Remote access can be used to access hosted applications or to perform management functions. By providing remote access information to an external monitoring system, the organization can monitor for cyber attacks and monitor compliance with remote access policies. The organization can also look at data organization wide and determine an attack or anomaly is occurring on the organization which might not be noticed if the data were kept local to the web server. Examples of external applications used to monitor or control access would be audit log monitoring systems, dynamic firewalls, or infrastructure monitoring systems.
STIG Date
Oracle HTTP Server 12.1.3 Security Technical Implementation Guide 2022-12-09

Details

Check Text ( C-23006r414556_chk )
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.

2. Search for the "OraLogDir" directive at the OHS server configuration scope.

3. If the directive is omitted, this is a finding.

4. Validate that the folder specified exists. If the folder does not exist, this is a finding.
Fix Text (F-22995r414557_fix)
1. Open $DOMAIN_HOME/config/fmwconfig/components/OHS//httpd.conf with an editor.

2. Search for the "OraLogDir" directive at the OHS server configuration scope.

3. Set the "OraLogDir" directive to an appropriate, protected location on a partition with sufficient space that is different from the partition on which the OHS software is installed; add the directive if it does not exist.