VAMI must restrict access to the web root.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-239733	VCLD-67-000026	SV-239733r816815_rule		Medium

Description
As a rule, accounts on a web server are to be kept to a minimum, and those accounts are then restricted as to what they are allowed to access. The web root of the VAMI Lighttpd installation contains the content that is served up to the end user. This content must have the minimum necessary permissions and proper ownership to help protect against unprivileged modification of the content.

STIG	Date
VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide	2022-01-03

Details

Check Text ( C-42966r816814_chk )
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash". At the command prompt, execute the following command: # find /opt/vmware/share/htdocs/ -xdev -type d -a '(' -not -perm 0755 -o -not -user root -o -not -group root ')' -exec ls -ld {} \; If any files are returned, this is a finding.

Check Text ( C-42966r816814_chk )

Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

# find /opt/vmware/share/htdocs/ -xdev -type d -a '(' -not -perm 0755 -o -not -user root -o -not -group root ')' -exec ls -ld {} \;

If any files are returned, this is a finding.

Fix Text (F-42925r679308_fix)
At the command prompt, execute the following commands: # chmod 0755 # chown root:root Note: Substitute with each directory returned from the check.