configure log file size limit - org.eclipse.jetty.server.handler.RequestLogHandler

Details

By default, the logging.properties file will have no defined limit for the log file size. This is a potential denial of service attack as it would be possible to fill a drive or partition containing the log files.



Establishing a maximum log size that is smaller than the partition size will help mitigate the risk of an attacker maliciously exhausting disk space.


Note: Nessus has not performed this check. It is included for informational purposes only.


Solution

The following example configures a single request log for the entire Jetty Server instance:























/yyyy_mm_dd.request.log
90
true
false
GMT




This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.


References


Source