Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
VAMI must remove all mappings to unused scripts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239727 | VCLD-67-000019 | SV-239727r679291_rule | Medium |
| Description |
|---|
| Scripts allow server-side processing on behalf of the hosted application user or as processes needed in the implementation of hosted applications. Removing scripts not needed for application operation or deemed vulnerable helps to secure the web server. To ensure scripts are not added to the web server and run maliciously, script mappings that are not needed or used by the web server for hosted application operation must be removed. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide | 2021-04-15 |
Details
| Check Text ( C-42960r679289_chk ) |
|---|
| At the command prompt, execute the following command: # /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|awk '/cgi\.assign/,/\)/' Expected result: cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl", ".rb" => "/usr/bin/ruby", ".erb" => "/usr/bin/eruby", ".py" => "/usr/bin/python", # 5 ) If the output does not match the expected result, this is a finding. |
| Fix Text (F-42919r679290_fix) |
|---|
| Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf. Configure the "cgi.assign" section to the following: cgi.assign = ( ".pl" => "/usr/bin/perl", ".cgi" => "/usr/bin/perl", ".rb" => "/usr/bin/ruby", ".erb" => "/usr/bin/eruby", ".py" => "/usr/bin/python", # 5 ) |