Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-255270 | HP3P-33-001001 | SV-255270r958478_rule | Medium |
Description |
---|
It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors. The HPE 3PAR OS does not, by default, operate nonessential services. The web-services component must be configured for it to start. If it is not required by the mission, then it must be disabled. |
STIG | Date |
---|---|
HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide | 2024-05-30 |
Check Text ( C-58943r870127_chk ) |
---|
Verify the state of the Optional capabilities on the array. cli% showwsapi If the service state is not "Disabled", and the web-services functionality is not being used, this is a finding. If web services functionality is required, this is not applicable. |
Fix Text (F-58887r870128_fix) |
---|
If web services functionality is not required, stop and disable web-services: cli% stopwsapi -f |