All Automation Controller NGINX web servers must be configured to use a specified IP address and port.


Overview

Finding ID: V-256952
Version: APWS-AT-000370
Rule ID: SV-256952r960966_rule
IA Controls: (none listed)
Severity: Medium
Description
From a security perspective, it is important that all Automation Controller NGINX web servers are configured to use a specified IP address and port because “listening” on all IP addresses poses a vulnerability to the web server. Not confining the web server to a specified IP address and port puts all web server content at risk of access by bad actors wanting to take advantage of those resources.
STIG: Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide
Date: 2024-06-10

Details

Check Text (C-60627r903524_chk)
As a System Administrator for each Automation Controller NGINX web server host, verify the web server is configured to use a static IP address and port.

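# Read the main configuration file path from the nginx build options.
NGINXCONF=$(nginx -V 2>&1 | tr ' ' '\n' | sed -ne '/conf-path/{s/.*conf-path=\(.*\)/\1/;p}')
# Flag listen directives that use a wildcard (*), a bracketed address, 0.0.0.0, or a non-numeric value after the colon.
grep '^\s*listen\s*\*\|\s*listen\s*\[.*\]\|\s*listen\s*0\.0\.0\.0\|^\s*listen\s\+.*:[^[:digit:][:space:]]\+.*' "$NGINXCONF" && echo FAILED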

If "FAILED" is displayed, this is a finding.
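
A stricter form of the check above, as an added example that is not part of the STIG or of Red Hat's tooling: it goes beyond the grep by also flagging port-only directives such as "listen 443;" (which nginx binds to every address) and addresses given without an explicit port. The function names and the sample configuration are constructed for illustration, and the script assumes one directive per line.

```shell
#!/bin/sh
# Added example: audit nginx "listen" directives read from stdin.
# Assumptions: one directive per line; a specific IPv6 address such as
# [::1]:8443 counts as compliant here, although the grep on this page
# flags any bracketed address.
audit_listen() {
    awk '
    { sub(/#.*/, "") }                      # drop comments
    $1 == "listen" {
        addr = $2; sub(/;$/, "", addr); why = ""
        if (addr ~ /^unix:/) next           # local socket, not an IP listener
        if (addr ~ /^[0-9]+$/)
            why = "port only, binds every address"
        else if (addr == "*" || addr ~ /^\*:/)
            why = "wildcard address"
        else if (addr == "0.0.0.0" || addr ~ /^0\.0\.0\.0:/)
            why = "binds every IPv4 address"
        else if (addr == "[::]" || addr ~ /^\[::\]:/)
            why = "binds every IPv6 address"
        else if (addr !~ /:[0-9]+$/)
            why = "no explicit port"
        if (why != "") { printf "FINDING\tline %d\t%s\t%s\n", NR, why, addr; bad++ }
        else           { printf "OK\tline %d\t%s\n", NR, addr }
    }
    END { exit (bad > 0) }'                 # non-zero status when anything is flagged
}

# Constructed sample configuration (192.0.2.0/24 is a documentation range).
sample_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    listen *:8080;
    listen 0.0.0.0:8443 ssl;
    listen 192.0.2.10;
    listen 192.0.2.10:443 ssl;
    # listen 80;
}
EOF
}

sample_conf | audit_listen || echo FAILED
```

On a live host, "nginx -T 2>/dev/null | audit_listen" feeds it the full configuration, including files pulled in by include directives.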
Fix Text (F-60569r902369_fix)
As a System Administrator for each Automation Controller NGINX web server host, identify the allowed and/or designated IP address(es) for the Automation Controller system.

Replace any wildcard or ranged IP address references in the NGINX configuration with IP addresses from the pool of allowed and/or designated addresses.

Reload the NGINX server configurations for all NGINX processes:

$ pkill -HUP nginx