UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VAMI server binaries and libraries must be verified for their integrity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256653 VCLD-70-000009 SV-256653r888481_rule Medium
Description
Being able to verify that a patch, upgrade, certificate, etc., being added to the web server is unchanged from the producer of the file is essential for file validation and nonrepudiation of the information. VMware delivers product updates and patches regularly. When VAMI is updated, the signed packages will also be updated. These packages can be used to verify that VAMI has not been inappropriately modified since it was installed. The file "lighttpd.conf" and "vami-lighttp.service" are intentionally modified on first boot and thus are excluded from the check. Satisfies: SRG-APP-000131-WSR-000051, SRG-APP-000211-WSR-000030, SRG-APP-000380-WSR-000072
STIG Date
VMware vSphere 7.0 VAMI Security Technical Implementation Guide 2023-06-15

Details

Check Text ( C-60328r888479_chk )
At the command prompt, run the following command:

# rpm -qa|grep lighttpd|xargs rpm -V|grep -v -E "lighttpd.conf|vami-lighttp.service"

If the command returns any output, this is a finding.
Fix Text (F-60271r888480_fix)
If the VAMI binaries have been modified from the default state when deployed as part of the vCenter Server Appliance (VCSA), the system must be wiped and redeployed or restored from backup.

VMware does not recommend or support recovering from such a state by reinstalling RPMs or similar efforts.