Skip to content

Oracle HTTP Server 12.1.3 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000097-WSR-000058

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a log file defined for each site/virtual host to capture logs generated that allow the establishment of where within OHS the events occurred.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity
  • SRG-APP-000098-WSR-000059

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a log format defined for log records that allow the establishment of the source of events.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity
  • SRG-APP-000098-WSR-000059

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a SSL log format defined for log records that allow the establishment of the source of events.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity
  • SRG-APP-000098-WSR-000059

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a log file defined for each site/virtual host to capture logs generated that allow the establishment of the source of events.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity
  • SRG-APP-000098-WSR-000060

    <GroupDescription></GroupDescription>
    Group
  • OHS, behind a load balancer or proxy server, must produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity
  • SRG-APP-000098-WSR-000060

    <GroupDescription></GroupDescription>
    Group
  • OHS, behind a load balancer or proxy server, must have the SSL log format set correctly to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity
  • SRG-APP-000098-WSR-000060

    <GroupDescription></GroupDescription>
    Group
  • A production OHS Installation must prohibit the installation of a compiler.

    &lt;VulnDiscussion&gt;The presence of a compiler on a production server facilitates the malicious user’s task of creating custom versions of progra...
    Rule Medium Severity
  • SRG-APP-000516-WSR-000174

    <GroupDescription></GroupDescription>
    Group
  • OHS, behind a load balancer or proxy server, must have a log file defined for each site/virtual host to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity
  • SRG-APP-000099-WSR-000061

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a log format defined to produce log records that contain sufficient information to establish the outcome (success or failure) of events.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity
  • SRG-APP-000099-WSR-000061

    <GroupDescription></GroupDescription>
    Group
  • OHS must have a SSL log format defined to produce log records that contain sufficient information to establish the outcome (success or failure) of events.

    &lt;VulnDiscussion&gt;Web server logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a corr...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules