3 - Configure log file size limit - org.eclipse.jetty.server.handler.RequestLogHandler


By default, the logging.properties file will have no defined limit for the log file size. This is a potential denial of service attack as it would be possible to fill a drive or partition containing the log files.

Establishing a maximum log size that is smaller than the partition size will help mitigate the risk of an attacker maliciously exhausting disk space.
Note: Nessus has not performed this check. It is included for informational purposes only.


The following example configures a single request log for the entire Jetty Server instance:

<Set name=""handler"">
<New id=""Handlers"" class=""org.eclipse.jetty.server.handler.HandlerCollection"">
<Set name=""handlers"">
<Array type=""org.eclipse.jetty.server.Handler"">
<New id=""Contexts"" class=""org.eclipse.jetty.server.handler.ContextHandlerCollection""/>
<New id=""DefaultHandler"" class=""org.eclipse.jetty.server.handler.DefaultHandler""/>
<New id=""RequestLog"" class=""org.eclipse.jetty.server.handler.RequestLogHandler""/>

<Ref id=""RequestLog"">
<Set name=""requestLog"">
<New id=""RequestLogImpl"" class=""org.eclipse.jetty.NCSARequestLog"">
<Arg><SystemProperty name=""jetty.logs"" default=""./logs""/>/yyyy_mm_dd.request.log</Arg>
<Set name=""retainDays"">90</Set>
<Set name=""append"">true</Set>
<Set name=""extended"">false</Set>
<Set name=""LogTimeZone"">GMT</Set>

Item Details


References: 800-53|AU-4

Plugin: Unix

Control ID: c2705054dd0e9992afca0d5be75fd18a1c155a311d485a7adf3aa46a53bd5c9a