| Tsai Li Ming 2004-01-27, 1:34 pm |
| Hi
I was looking through Microsoft's IIS 5.0 Baseline Security Checklist.
Under ACL for log files:
<snip>
Set appropriate IIS Log file ACLs
Make sure the ACLs on the IIS-generated log files
(%systemroot%\system32\LogFiles) are:
* Administrators (Full Control)
* System (Full Control)
* Everyone (RWC)
This is to help prevent malicious users from deleting the files to cover
their tracks.
</snip>
What is RWC? What does C stand for?
Liming
| |
| Jerry III 2004-01-27, 3:34 pm |
| Change
Jerry
| |
| Tsai Li Ming 2004-01-27, 4:34 pm |
| Jerry III wrote:
> Change
>
> Jerry
>
> "Tsai Li Ming" <mailinglist@ltsai.com> wrote in message
> news:40171baf@news.starhub.net.sg...
>
>
>
>
Under the security tab, would it be Modify?
Liming
| |
| Ken Schaefer 2004-01-27, 4:34 pm |
| I'm not entirely sure. There is no NTFS permission called "Change". The
"Modify" alias (or whatever it is) gives RWXD (Read/Write/Execute/Delete).
The NTFS permissions that begin with C that I can see are "Change
Permissions" (not sure if that's needed) and Create/Append Data (which
might be what the document's referring to).
Cheers
Ken
| |
| Tsai Li Ming 2004-01-27, 4:34 pm |
| It looks like it's under the Advanced button. When I select just the Read
and Write permissions, the user is allowed the following permissions under
Advanced:
List Folder/Read Data
Read Attributes
Read Extended Attributes
Create File/Write Data
Create Folders/Append Data
Write Attributes
Write Extended Attributes
Read Permissions
Liming
| |
| Jeff Cochran 2004-01-28, 4:36 am |
| On Wed, 28 Jan 2004 10:17:35 +0800, Tsai Li Ming
<mailinglist@ltsai.com> wrote:
>Hi
>
>I was looking through the Microsoft's IIS 5.0 Baseline Security Checklist.
>
>Under ACL for log files:
>
><snip>
>Set appropriate IIS Log file ACLs
>
>Make sure the ACLs on the IIS-generated log files
>(%systemroot%\system32\LogFiles) are:
>
> * Administrators (Full Control)
> * System (Full Control)
> * Everyone (RWC)
>
>This is to help prevent malicious users from deleting the files to cover
>their tracks.
></snip>
>
>What is RWC? What does C stands for?
Create. Though I'm not sure that list is accurate, since I'm not sure
the Everyone group needs rights at all, especially Write and Create.
My IIS5 has the Users group with Read/Read-Execute but that's because
of the way I use the system. The Everyone group doesn't get access to
the log folders and it works fine.
By the way, you don't want Modify; then someone could change an
existing file to erase their tracks.
Jeff
| |
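Added example, not part of any post in this thread: a Python sketch that builds the access mask from the eight advanced entries listed above for basic Read + Write, compares it with Modify and Full Control, and flags any non-administrative ACE that carries a delete or re-ACL right. The bit values are the standard NTFS access-mask constants from winnt.h; the right labels, the `TRUSTED` set and the two sample ACLs are constructed for illustration.

```python
# NTFS access-mask bits (values from winnt.h); labels chosen for this example.
RIGHTS = {
    "ReadData": 0x1, "WriteData": 0x2, "AppendData": 0x4,
    "ReadExtendedAttributes": 0x8, "WriteExtendedAttributes": 0x10,
    "ExecuteFile": 0x20, "DeleteSubdirectoriesAndFiles": 0x40,
    "ReadAttributes": 0x80, "WriteAttributes": 0x100,
    "Delete": 0x10000, "ReadPermissions": 0x20000,
    "ChangePermissions": 0x40000, "TakeOwnership": 0x80000,
    "Synchronize": 0x100000,
}
# Rights that let a principal remove a log file, or re-ACL it in order to.
COVER_TRACKS = ("Delete", "DeleteSubdirectoriesAndFiles",
                "ChangePermissions", "TakeOwnership")

def mask_of(*names):
    """OR together the bits for the named rights."""
    mask = 0
    for name in names:
        mask |= RIGHTS[name]
    return mask

def decode(mask):
    """List the individual rights present in an access mask."""
    return [name for name, bit in RIGHTS.items() if mask & bit]

def risky(mask):
    """Rights in the mask that allow deleting or re-permissioning logs."""
    return [name for name in COVER_TRACKS if mask & RIGHTS[name]]

# The eight advanced entries listed in the thread for basic Read + Write.
READ_WRITE = mask_of("ReadData", "ReadAttributes", "ReadExtendedAttributes",
                     "WriteData", "AppendData", "WriteAttributes",
                     "WriteExtendedAttributes", "ReadPermissions")
MODIFY = 0x1301BF        # basic "Modify"
FULL_CONTROL = 0x1F01FF  # basic "Full Control"
TRUSTED = {"Administrators", "SYSTEM"}  # assumed administrative principals

def audit(acl):
    """Return {principal: [risky rights]} for ACEs outside TRUSTED."""
    return {who: risky(mask) for who, mask in acl
            if who not in TRUSTED and risky(mask)}

# Constructed sample ACLs, not read from a real system.
CHECKLIST_ACL = [("Administrators", FULL_CONTROL), ("SYSTEM", FULL_CONTROL),
                 ("Everyone", READ_WRITE)]
LOOSE_ACL = [("Administrators", FULL_CONTROL), ("SYSTEM", FULL_CONTROL),
             ("Everyone", MODIFY)]

if __name__ == "__main__":
    print("checklist ACL findings:", audit(CHECKLIST_ACL))
    print("Modify ACL findings:   ", audit(LOOSE_ACL))
    print("Modify adds:", sorted(set(decode(MODIFY)) - set(decode(READ_WRITE))))
```

Write Data on a file still permits overwriting existing content; only Append Data granted without Write Data restricts a principal to adding to the end of a file.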
| Paul Lynch 2004-01-30, 1:36 am |
| On Wed, 28 Jan 2004 10:17:35 +0800, Tsai Li Ming
<mailinglist@ltsai.com> wrote:
>Hi
>
>I was looking through the Microsoft's IIS 5.0 Baseline Security Checklist.
>
>Under ACL for log files:
>
><snip>
>Set appropriate IIS Log file ACLs
>
>Make sure the ACLs on the IIS-generated log files
>(%systemroot%\system32\LogFiles) are:
>
> * Administrators (Full Control)
> * System (Full Control)
> * Everyone (RWC)
>
>This is to help prevent malicious users from deleting the files to cover
>their tracks.
></snip>
>
>What is RWC? What does C stands for?
>
>Liming
Liming,
The correct ACLs for the IIS log files can be found in this KB
article:
HOW TO: Set Secure NTFS Permissions on IIS 5.0 Log Files and Virtual
Directories in Windows 2000
http://support.microsoft.com/?kbid=310361
Regards,
Paul Lynch
MCSE