
VAMI configuration files must be protected from unauthorized access.


Overview

Finding ID: V-239739
Version: VCLD-67-000032
Rule ID: SV-239739r816827_rule
IA Controls: (none listed)
Severity: Medium
Description
Accounts on the VAMI server are to be kept to a minimum. Only administrators, web managers, developers, auditors, and web authors require accounts on the machine hosting the Lighttpd server. The resources to which these accounts have access must also be closely monitored and controlled. Only the system administrator needs access to all of the system's capabilities, while the web administrator and associated staff require access and control of the web content and the Lighttpd server configuration files.
STIG: VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide
Date: 2022-01-03

Details

Check Text (C-42972r816826_chk)
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

# stat -c "%n permissions are %a and ownership is %U:%G" /opt/vmware/etc/lighttpd/lighttpd.conf /etc/applmgmt/appliance/lighttpd.conf

Expected result:

/opt/vmware/etc/lighttpd/lighttpd.conf permissions are 644 and ownership is root:root
/etc/applmgmt/appliance/lighttpd.conf permissions are 644 and ownership is root:root

If the output does not match the expected result, this is a finding.
Fix Text (F-42931r679326_fix)
At the command prompt, enter the following command:

# chmod 644 <file>
# chown root:root <file>

Note: Replace <file> with every file returned from the command in the check.