From Part 2, “Security: Apache”:
“Log files are another useful utility for monitoring attacks on
your server. One must set up a centralised secure log server so
that hackers will not be able to remove traces of their intrusion
so easily. Various logfile analyzers like analog, webalizer help in
keeping track of the web server access by people. By installing and
configuring a good logfile analyser one can know details about the
total traffic across the network and the various files and
directories accessed, modified, deleted or any such activity. It
will also tell you the pages that were visited and by whom. In
addition to that are all the resources that are busy with respect
to apache.

“Maintaining Logfiles is such an important task that one must
follow in order to keep track of his system’s activities. Apache web
server logfiles are httpd.log, error_log and access_log. These files
log all the attempts by a user in order to perform a task, it can be
an attempt for compromising the system. The daemon syslog must be
enabled which is responsible for logging activity. Care must be
taken that logging is on for mail and auth privileges in
/etc/syslog.conf.

“In typical operation, Apache is started by the root user, and
it switches to the user defined by the User directive to serve
hits. As is the case with any command that root executes, you must
take care that it is protected from modification by non-root users.
Not only must the files themselves be writeable only by root, but
so must the directories, and parents of all directories…”
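
The ownership rule in the last quoted paragraph can be checked mechanically. The script below is an added example, not code from the quoted article or from the Apache project; the function name `audit_chain` is hypothetical, and the paths to audit (the httpd binary, configuration and log directories of your installation) are passed on the command line.

```python
import os
import stat
import sys


def audit_chain(path, owner_uid=0):
    """Check `path` and every parent directory up to the filesystem root.

    Returns a list of (path, problem) pairs. A component is reported when it
    is not owned by `owner_uid` (root by default) or when group or other has
    write permission, since either lets a non-root user replace what root runs.
    """
    findings = []
    # Resolve symlinks first so the chain that is audited is the real one.
    current = os.path.realpath(path)
    while True:
        st = os.stat(current)
        if st.st_uid != owner_uid:
            findings.append(
                (current, "owned by uid %d, expected %d" % (st.st_uid, owner_uid))
            )
        # Group write is flagged as well: the passage asks for root-only write.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(
                (current, "group/other writable, mode %o" % stat.S_IMODE(st.st_mode))
            )
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            return findings
        current = parent


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: audit_chain.py PATH [PATH ...]")
    exit_code = 0
    for target in sys.argv[1:]:
        if not os.path.exists(target):
            print("%s: does not exist" % target)
            exit_code = 1
            continue
        for where, problem in audit_chain(target):
            print("%s: %s" % (where, problem))
            exit_code = 1
    sys.exit(exit_code)
```

A non-zero exit status means at least one component of a path can be modified by someone other than root, so the script can run from cron or a configuration-management check.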