UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Lighttpd must prevent hosted applications from exhausting system resources.


Overview

Finding ID Version Rule ID IA Controls Severity
V-240245 VRAU-LI-000210 SV-240245r879587_rule Medium
Description
When it comes to DoS attacks, most of the attention is paid to ensuring that systems and applications are not victims of these attacks. While it is true that those accountable for systems want to ensure they are not affected by a DoS attack, they also need to ensure their systems and applications are not used to launch such an attack against others. To that extent, a variety of technologies exist to limit, or in some cases, eliminate the effects of DoS attacks. Limiting system resources that are allocated to any user to a bare minimum may also reduce the ability of users to launch some DoS attacks. Applications and application developers must take the steps needed to ensure users cannot use these applications to launch DoS attacks against other systems and networks. An example would be preventing Lighttpd from keeping idle connections open for too long.
STIG Date
VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide 2023-09-12

Details

Check Text ( C-43478r667910_chk )
At the command prompt, execute the following command:

grep '^server.max-keep-alive-idle' /opt/vmware/etc/lighttpd/lighttpd.conf

If the "server.max-keep-alive-idle" is not set to "30", this is a finding.
Fix Text (F-43437r667911_fix)
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf file

Configure the lighttpd.conf file with the following:

server.max-keep-alive-idle = 30