17 lines
1.1 KiB
Plaintext
17 lines
1.1 KiB
Plaintext
Configuring loggers is security-sensitive. It has led in the past to the following vulnerabilities:
|
|
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0285[CVE-2018-0285]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1127[CVE-2000-1127]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15113[CVE-2017-15113]
|
|
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5742[CVE-2015-5742]
|
|
|
|
Logs are useful before, during and after a security incident.
|
|
|
|
* Attackers will most of the time start their nefarious work by probing the system for vulnerabilities. Monitoring this activity and stopping it is the first step to prevent an attack from ever happening.
|
|
* In case of a successful attack, logs should contain enough information to understand what damage an attacker may have inflicted.
|
|
|
|
Logs are also a target for attackers because they might contain sensitive information. Configuring loggers has an impact on the type of information logged and how they are logged.
|
|
|
|
|
|
This rule flags for review code that initiates loggers configuration. The goal is to guide security code reviews.
|