Lighttpd must not be configured to listen to unnecessary ports.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-89307	VRAU-LI-000430	SV-99957r1_rule		Medium

Description
Web servers must provide the capability to disable or deactivate network-related services that are deemed to be non-essential to the server mission, are too unsecure, or are prohibited by the PPSM CAL and vulnerability assessments. Lighttpd will listen on ports that are specified with the server.port configuration parameter. Lighttpd listens to port 5480 to provide remote access to the Virtual Appliance Management Interface (vAMI). Lighttpd must not be configured to listen to any other port.

Description

Web servers must provide the capability to disable or deactivate network-related services that are deemed to be non-essential to the server mission, are too unsecure, or are prohibited by the PPSM CAL and vulnerability assessments. Lighttpd will listen on ports that are specified with the server.port configuration parameter. Lighttpd listens to port 5480 to provide remote access to the Virtual Appliance Management Interface (vAMI). Lighttpd must not be configured to listen to any other port.

STIG	Date
VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide	2018-10-12

Details

Check Text ( C-88999r2_chk )
At the command prompt, execute the following command: cat /opt/vmware/etc/lighttpd/lighttpd.conf \| awk '$0 ~ /server\.port/ { print }' If any value returned other than "server.port=5480", this is a finding.

Fix Text (F-96049r1_fix)
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf Note: Do not delete the entry for "server.port=5480" Delete all other server.port entries.