The vAMI executable files and library must not be world-writeable.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-90213	VRAU-VA-000175	SV-100863r1_rule		Medium

Description
Application servers have the ability to specify that the hosted applications utilize shared libraries. The application server must have a capability to divide roles based upon duties wherein one project user (such as a developer) cannot modify the shared library code of another project user. The application server must also be able to specify that non-privileged users cannot modify any shared library code at all.

Description

Application servers have the ability to specify that the hosted applications utilize shared libraries. The application server must have a capability to divide roles based upon duties wherein one project user (such as a developer) cannot modify the shared library code of another project user. The application server must also be able to specify that non-privileged users cannot modify any shared library code at all.

STIG	Date
VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide	2018-10-12

Details

Check Text ( C-89905r1_chk )
At the command prompt, execute the following command: find /opt/vmware/share/vami -perm -0002 -type f If any files are listed, this is a finding.

Fix Text (F-96955r2_fix)
At the command prompt, enter the following command: chmod a-w Note: Replace with the file(s) with world-write rights.