HAProxy vro frontend must be bound to the correct port 8283.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-89203 | VRAU-HA-000405 | SV-99853r1_rule | Medium |
| Description |
|---|
| Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The HAProxy load balancer in the vRA appliance listens to ports 8283 on behalf of the vro configuration service. |
| STIG | Date |
|---|---|
| VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide | 2018-10-12 |
Details
| Check Text ( C-88895r1_chk ) |
|---|
| At the command prompt, execute the following command: grep 'bind' /etc/haproxy/conf.d/30-vro-config.cfg If the value for bind is not set to "8283", this is a finding. |
| Fix Text (F-95945r1_fix) |
|---|
| Navigate to and open /etc/haproxy/conf.d/30-vro-config.cfg Navigate to and configure the "frontend https-in-vro-config" section with the following value: bind :8283 ssl crt /opt/vmware/etc/lighttpd/server.pem ciphers FIPS:+3DES:!aNULL no-sslv3 |