UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VAMI configuration files must be protected from unauthorized access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239739 VCLD-67-000032 SV-239739r816827_rule Medium
Description
Accounts on the VAMI server are to be kept to a minimum. Only administrators, web managers, developers, auditors, and web authors require accounts on the machine hosting the Lighttpd server. The resources to which these accounts have access must also be closely monitored and controlled. Only the system administrator needs access to all of the system's capabilities, while the web administrator and associated staff require access and control of the web content and the Lighttpd server configuration files.
STIG Date
VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide 2022-01-03

Details

Check Text ( C-42972r816826_chk )
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

# stat -c "%n permissions are %a and ownership is %U:%G" /opt/vmware/etc/lighttpd/lighttpd.conf /etc/applmgmt/appliance/lighttpd.conf

Expected result:

/opt/vmware/etc/lighttpd/lighttpd.conf permissions are 644 and ownership is root:root
/etc/applmgmt/appliance/lighttpd.conf permissions are 644 and ownership is root:root

If the output does not match the expected result, this is a finding.
Fix Text (F-42931r679326_fix)
At the command prompt, enter the following command:

# chmod 644
# chown root:root

Note: Replace with every file returned from the command in the check.