The web server must initiate session logging upon start up.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-206357	SRG-APP-000092-WSR-000055	SV-206357r960888_rule		Medium

Description

An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missed and not available during a forensic investigation. To assure all logable events are captured, the web server must begin logging once the first web server process is initiated.

STIG	Date
Web Server Security Requirements Guide	2025-02-12

Details

Check Text (C-6618r377663_chk)

Review the web server documentation and deployed configuration to determine if the web server captures log data as soon as the web server is started.

If the web server does not capture logable events upon startup, this is a finding.

Fix Text (F-6618r377664_fix)

Configure the web server to capture logable events upon startup.