HAProxy psql-local frontend must be bound to port 5433.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-89199 | VRAU-HA-000395 | SV-99849r1_rule | Medium |
| Description |
|---|
| Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The HAProxy load balancer in the vRA appliance listens to port 5433 on behalf of the PostgreSQL service. |
| STIG | Date |
|---|---|
| VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide | 2018-10-12 |
Details
| Check Text ( C-88891r1_chk ) |
|---|
| At the command prompt, execute the following command: grep 'bind' /etc/haproxy/conf.d/10-psql.cfg If the value for bind is not set to 5433, this is a finding. |
| Fix Text (F-95941r1_fix) |
|---|
| Navigate to and open /etc/haproxy/conf.d/10-psql.cfg Navigate to and configure the "frontend psql-local" section with the following value: bind 127.0.0.1:5433 |