Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-89153 | VRAU-HA-000130 | SV-99803r1_rule | | Medium |
Description |
---|
A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too insecure to be accessible on a production DoD system. HAProxy provides a statistics page, which will display web browser statistics from any web browser if HAProxy has not been configured to connect the server statistics to a UNIX socket. |
STIG | Date |
---|---|
VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide | 2018-10-12 |
Check Text ( C-88845r1_chk ) |
---|
At the command prompt, execute the following command: `grep 'stats socket' /etc/haproxy/haproxy.cfg` If the command does not return the line below, this is a finding. `stats socket /var/run/haproxy.sock mode 600 level admin` |
Fix Text (F-95895r1_fix) |
---|
Uninstall or deactivate features, services, and processes not needed by the web server for operation. |
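
The grep in the Check Text also matches a commented-out `stats socket` line or one with different parameters, so its output still has to be compared by eye. As an added example (not part of the STIG or of VMware's tooling), the shell function below compares only active, whitespace-normalized directives against the exact expected line; the function names, return codes and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the STIG): stricter form of the Check Text's grep.
# EXPECTED is the directive quoted in the Check Text.
EXPECTED='stats socket /var/run/haproxy.sock mode 600 level admin'

# Print active directives only: strip '#' comments, collapse whitespace,
# trim both ends, drop empty lines. Simplification: does not handle a
# quoted or escaped '#' inside a value.
normalize_cfg() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' "$1" | grep -v '^$'
}

# Return 0 = not a finding, 1 = finding, 2 = config unreadable.
check_stats_socket() {
    cfg=${1:-/etc/haproxy/haproxy.cfg}
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg" >&2; return 2; }
    if normalize_cfg "$cfg" | grep -Fxq "$EXPECTED"; then
        echo "PASS: $cfg"
        return 0
    fi
    echo "FINDING: no active '$EXPECTED' in $cfg"
    # Show any active stats socket lines so the reviewer sees what differs.
    normalize_cfg "$cfg" | grep '^stats socket ' | sed 's/^/  active instead: /'
    return 1
}

# Constructed sample configs (not taken from a real appliance).
write_samples() {
    dir=$1
    printf 'global\n\tstats  socket /var/run/haproxy.sock   mode 600 level admin  # admin socket\n' > "$dir/good.cfg"
    printf 'global\n  #stats socket /var/run/haproxy.sock mode 600 level admin\n' > "$dir/commented.cfg"
    printf 'global\n  stats socket /var/run/haproxy.sock mode 666 level admin\n' > "$dir/loose.cfg"
}

# Demo run over the constructed samples: good passes, the other two are findings.
tmp=$(mktemp -d) && write_samples "$tmp"
for f in good commented loose; do check_stats_socket "$tmp/$f.cfg" || true; done
rm -rf "$tmp"
```

On a real system, call `check_stats_socket` with no argument to test `/etc/haproxy/haproxy.cfg`, the path used in the Check Text.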