VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide


Overview

Date: 2018-10-12
Finding Count (54): CAT I (High): 4, CAT II (Med): 50, CAT III (Low): 0

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-89155 High HAProxy must not contain any documentation, sample code, example applications, and tutorials.
V-89211 High HAProxy must set the no-sslv3 value on all client ports.
V-89169 High HAProxy must prohibit anonymous users from editing system files.
V-89185 High HAProxy must redirect all http traffic to use https.
V-89153 Medium HAProxy must limit access to the statistics feature.
V-89151 Medium HAProxy expansion modules must be verified for their integrity (checksums) before being added to the build systems.
V-89157 Medium HAProxy must be run in a chroot jail.
V-89141 Medium HAProxy log files must not be accessible to unauthorized users.
V-89175 Medium HAProxy must limit the amount of time that half-open connections are kept alive.
V-89159 Medium HAProxy frontend servers must be bound to a specific port.
V-89171 Medium The HAProxy baseline must be documented and maintained.
V-90319 Medium HAProxy must log the session ID from the request headers.
V-89173 Medium HAProxy must be configured to validate the configuration files during start and restart events.
V-89139 Medium HAProxy must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.
V-89177 Medium HAProxy must provide default error files.
V-89143 Medium HAProxy log files must be protected from unauthorized modification.
V-89179 Medium HAProxy must not be started with the debug switch.
V-89197 Medium HAProxy libraries, and configuration files must only be accessible to privileged users.
V-89215 Medium HAProxy must have the latest approved security-relevant software updates installed.
V-89195 Medium HAProxy must use the httplog option.
V-89217 Medium HAProxy must set the maxconn value.
V-89193 Medium HAProxy must be configurable to integrate with an organization's security infrastructure.
V-89191 Medium HAProxy must not impede the ability to write specified log record content to an audit log server.
V-89213 Medium HAProxy must remove all export ciphers.
V-89199 Medium HAProxy psql-local frontend must be bound to port 5433.
V-90323 Medium HAProxy must maintain the confidentiality and integrity of information during reception.
V-90321 Medium HAProxy session IDs must be sent to the client using SSL/TLS.
V-89163 Medium HAProxy must perform RFC 5280-compliant certification path validation if PKI is being used.
V-90305 Medium HAProxy must be configured to use syslog.
V-90311 Medium HAProxy must log when events occurred.
V-90309 Medium HAProxy must log what type of events occurred.
V-89161 Medium HAProxy must use SSL/TLS protocols in order to secure passwords during transmission from the client.
V-89145 Medium HAProxy log files must be protected from unauthorized deletion.
V-89147 Medium HAProxy log files must be backed up onto a different system or media.
V-89205 Medium HAProxy must be configured with FIPS 140-2 compliant ciphers for https connections.
V-90301 Medium HAProxy must be configured with FIPS 140-2 compliant ciphers for https connections.
V-90303 Medium HAProxy must be configured to use TLS for https connections.
V-89167 Medium HAProxy must be configured to use only FIPS 140-2 approved ciphers.
V-89165 Medium HAProxy's private key must have access restricted.
V-90317 Medium HAProxy must log the outcome of events.
V-90315 Medium HAProxy must log the source of events.
V-90313 Medium HAProxy must log where events occurred.
V-90307 Medium HAProxy must generate log records for system startup and shutdown.
V-89207 Medium HAProxy must be protected from being stopped by a non-privileged user.
V-90297 Medium HAProxy must limit the amount of time that an http request can be received.
V-89149 Medium HAProxy files must be verified for their integrity (checksums) before being added to the build systems.
V-89187 Medium HAProxy must restrict inbound connections from nonsecure zones.
V-89203 Medium HAProxy vro frontend must be bound to the correct port 8283.
V-89181 Medium HAProxy must set an absolute timeout on sessions.
V-89201 Medium HAProxy vcac frontend must be bound to ports 80 and 443.
V-89183 Medium HAProxy must set an inactive timeout on sessions.
V-89189 Medium HAProxy must be configured to use syslog.
V-89209 Medium HAProxy must be configured to use SSL/TLS.
V-90299 Medium HAProxy must enable cookie-based persistence in a backend.