VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide


Overview

Date: 2023-09-12
Finding Count (55): CAT I (High): 5, CAT II (Med): 50, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-240059 High HAProxy must not contain any documentation, sample code, example applications, and tutorials.
V-240074 High HAProxy must redirect all http traffic to use https.
V-258451 High The version of vRealize Automation 7.x HA Proxy running on the system must be a supported version.
V-240088 High HAProxy must set the no-sslv3 value on all client ports.
V-240066 High HAProxy must prohibit anonymous users from editing system files.
V-240058 Medium HAProxy must limit access to the statistics feature.
V-240092 Medium HAProxy must set the maxconn value.
V-240090 Medium HAProxy must maintain the confidentiality and integrity of information during reception.
V-240091 Medium HAProxy must have the latest approved security-relevant software updates installed.
V-240052 Medium HAProxy log files must not be accessible to unauthorized users.
V-240053 Medium HAProxy log files must be protected from unauthorized modification.
V-240050 Medium HAProxy must log the session ID from the request headers.
V-240051 Medium HAProxy must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.
V-240056 Medium HAProxy files must be verified for their integrity (checksums) before being added to the build systems.
V-240057 Medium HAProxy expansion modules must be verified for their integrity (checksums) before being added to the build systems.
V-240054 Medium HAProxy log files must be protected from unauthorized deletion.
V-240055 Medium HAProxy log files must be backed up onto a different system or media.
V-240039 Medium HAProxy must limit the amount of time that an http request can be received.
V-240076 Medium HAProxy must be configured to use syslog.
V-240077 Medium HAProxy must not impede the ability to write specified log record content to an audit log server.
V-240070 Medium HAProxy must provide default error files.
V-240071 Medium HAProxy must not be started with the debug switch.
V-240072 Medium HAProxy must set an absolute timeout on sessions.
V-240073 Medium HAProxy must set an inactive timeout on sessions.
V-240078 Medium HAProxy must be configurable to integrate with an organization's security infrastructure.
V-240079 Medium HAProxy must use the httplog option.
V-240089 Medium HAProxy must remove all export ciphers.
V-240081 Medium HAProxy psql-local frontend must be bound to port 5433.
V-240080 Medium HAProxy libraries and configuration files must only be accessible to privileged users.
V-240083 Medium HAProxy vro frontend must be bound to the correct port 8283.
V-240082 Medium HAProxy vcac frontend must be bound to ports 80 and 443.
V-240085 Medium HAProxy must be protected from being stopped by a non-privileged user.
V-240084 Medium HAProxy must be configured with FIPS 140-2 compliant ciphers for https connections.
V-240087 Medium HAProxy session IDs must be sent to the client using SSL/TLS.
V-240086 Medium HAProxy must be configured to use SSL/TLS.
V-240049 Medium HAProxy must log the outcome of events.
V-240048 Medium HAProxy must log the source of events.
V-240045 Medium HAProxy must log what type of events occurred.
V-240044 Medium HAProxy must generate log records for system startup and shutdown.
V-240047 Medium HAProxy must log where events occurred.
V-240046 Medium HAProxy must log when events occurred.
V-240041 Medium HAProxy must be configured with FIPS 140-2 compliant ciphers for https connections.
V-240040 Medium HAProxy must enable cookie-based persistence in a backend.
V-240043 Medium HAProxy must be configured to use syslog.
V-240042 Medium HAProxy must be configured to use TLS for https connections.
V-240067 Medium The HAProxy baseline must be documented and maintained.
V-240065 Medium HAProxy must be configured to use only FIPS 140-2 approved ciphers.
V-240064 Medium HAProxy's private key must have access restricted.
V-240063 Medium HAProxy must perform RFC 5280-compliant certification path validation if PKI is being used.
V-240062 Medium HAProxy must use SSL/TLS protocols in order to secure passwords during transmission from the client.
V-240061 Medium HAProxy frontend servers must be bound to a specific port.
V-240060 Medium HAProxy must be run in a chroot jail.
V-240069 Medium HAProxy must limit the amount of time that half-open connections are kept alive.
V-240068 Medium HAProxy must be configured to validate the configuration files during start and restart events.
V-240075 Medium HAProxy must restrict inbound connections from nonsecure zones.