UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide


Overview

Date Finding Count (54)
2018-10-12 CAT I (High): 4 CAT II (Med): 50 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-89155 High HAProxy must not contain any documentation, sample code, example applications, and tutorials.
V-89211 High HAProxy must set the no-sslv3 value on all client ports.
V-89169 High HAProxy must prohibit anonymous users from editing system files.
V-89185 High HAProxy must redirect all http traffic to use https.
V-89153 Medium HAProxy must limit access to the statistics feature.
V-89151 Medium HAProxy expansion modules must be verified for their integrity (checksums) before being added to the build systems.
V-89157 Medium HAProxy must be run in a chroot jail.
V-89141 Medium HAProxy log files must not be accessible to unauthorized users.
V-89175 Medium HAProxy must limit the amount of time that half-open connections are kept alive.
V-89159 Medium HAProxy frontend servers must be bound to a specific port.
V-89171 Medium The HAProxy baseline must be documented and maintained.
V-90319 Medium HAProxy must log the session ID from the request headers.
V-89173 Medium HAProxy must be configured to validate the configuration files during start and restart events.
V-89139 Medium HAProxy must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.
V-89177 Medium HAProxy must provide default error files.
V-89143 Medium HAProxy log files must be protected from unauthorized modification.
V-89179 Medium HAProxy must not be started with the debug switch.
V-89197 Medium HAProxy libraries, and configuration files must only be accessible to privileged users.
V-89215 Medium HAProxy must have the latest approved security-relevant software updates installed.
V-89195 Medium HAProxy must use the httplog option.
V-89217 Medium HAProxy must set the maxconn value.
V-89193 Medium HAProxy must be configurable to integrate with an organizations security infrastructure.
V-89191 Medium HAProxy must not impede the ability to write specified log record content to an audit log server.
V-89213 Medium HAProxy must remove all export ciphers.
V-89199 Medium HAProxy psql-local frontend must be bound to port 5433.
V-90323 Medium HAProxy must maintain the confidentiality and integrity of information during reception.
V-90321 Medium HAProxy session IDs must be sent to the client using SSL/TLS.
V-89163 Medium HAProxy must perform RFC 5280-compliant certification path validation if PKI is being used.
V-90305 Medium HAProxy must be configured to use syslog.
V-90311 Medium HAProxy must log when events occurred.
V-90309 Medium HAProxy must log what type of events occurred.
V-89161 Medium HAProxy must use SSL/TLS protocols in order to secure passwords during transmission from the client.
V-89145 Medium HAProxy log files must be protected from unauthorized deletion.
V-89147 Medium HAProxy log files must be backed up onto a different system or media.
V-89205 Medium HAProxy must be configured with FIPS 140-2 compliant ciphers for https connections.
V-90301 Medium HAProxy must be configured with FIPS 140-2 compliant ciphers for https connections.
V-90303 Medium HAProxy must be configured to use TLS for https connections.
V-89167 Medium HAProxy must be configured to use only FIPS 140-2 approved ciphers.
V-89165 Medium HAProxys private key must have access restricted.
V-90317 Medium HAProxy must log the outcome of events.
V-90315 Medium HAProxy must log the source of events.
V-90313 Medium HAProxy must log where events occurred.
V-90307 Medium HAProxy must generate log records for system startup and shutdown.
V-89207 Medium HAProxy must be protected from being stopped by a non-privileged user.
V-90297 Medium HAProxy must limit the amount of time that an http request can be received.
V-89149 Medium HAProxy files must be verified for their integrity (checksums) before being added to the build systems.
V-89187 Medium HAProxy must restrict inbound connections from nonsecure zones.
V-89203 Medium HAProxy vro frontend must be bound to the correct port 8283.
V-89181 Medium HAProxy must set an absolute timeout on sessions.
V-89201 Medium HAProxy vcac frontend must be bound to ports 80 and 443.
V-89183 Medium HAProxy must set an inactive timeout on sessions.
V-89189 Medium HAProxy must be configured to use syslog.
V-89209 Medium HAProxy must be configured to use SSL/TLS.
V-90299 Medium HAProxy must enable cookie-based persistence in a backend.