Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
HAProxy psql-local frontend must be bound to port 5433.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-240081 | VRAU-HA-000395 | SV-240081r879756_rule | Medium |
| Description |
|---|
| Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The HAProxy load balancer in the vRA appliance listens to port 5433 on behalf of the PostgreSQL service. |
| STIG | Date |
|---|---|
| VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide | 2023-09-12 |
Details
| Check Text ( C-43314r665410_chk ) |
|---|
| At the command prompt, execute the following command: grep 'bind' /etc/haproxy/conf.d/10-psql.cfg If the value for bind is not set to 5433, this is a finding. |
| Fix Text (F-43273r665411_fix) |
|---|
| Navigate to and open /etc/haproxy/conf.d/10-psql.cfg Navigate to and configure the "frontend psql-local" section with the following value: bind 127.0.0.1:5433 |