Check: VCLD-67-000034
VMware vSphere 6.7 VAMI-lighttpd STIG:
VCLD-67-000034
(in versions v1 r3 through v1 r2)
Title
VAMI must implement TLS1.2 exclusively. (Cat I impact)
Discussion
Transport Layer Security (TLS) is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 approved TLS versions must be enabled, and non-FIPS-approved SSL versions must be disabled. VAMI comes configured to use only TLS 1.2. This configuration must be verified and maintained.
Check Content
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|grep "ssl.use"

Expected result:

ssl.use-tlsv12 = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-tlsv10 = "disable"
ssl.use-tlsv11 = "disable"

If the output does not match the expected result, this is a finding.
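As an added example (not part of the STIG or of VMware's tooling), the shell function below applies the expected-result comparison to the output of the check command: it reports each expected ssl.use-* line as PASS or FAIL, flags any ssl.use-* directive outside the expected set, and returns non-zero on a finding. The function and variable names and the sample dumps are assumptions constructed for illustration.

```shell
# Added example: evaluate the ssl.use-* lines of a lighttpd config dump
# against the VCLD-67-000034 expected result. Feed the check command's
# output on stdin. Names and sample data are constructed, not VMware's.

# The five settings the check content expects (whitespace removed).
VCLD_EXPECTED='ssl.use-tlsv12="enable" ssl.use-sslv2="disable" ssl.use-sslv3="disable" ssl.use-tlsv10="disable" ssl.use-tlsv11="disable"'

# vcld_check: read a config dump on stdin, print PASS/FAIL per expected
# line, flag any other ssl.use-* directive, and return 0 only when the
# output matches the expected result exactly (anything else is a finding).
vcld_check() {
    vcld_rc=0
    # Same filter as the check command, with "key = value" normalised to key=value
    vcld_dump=$(grep 'ssl.use' | tr -d ' \t')
    for vcld_want in $VCLD_EXPECTED; do
        if printf '%s\n' "$vcld_dump" | grep -qxF "$vcld_want"; then
            echo "PASS $vcld_want"
        else
            echo "FAIL missing or wrong: $vcld_want"
            vcld_rc=1
        fi
    done
    # A directive outside the expected set (e.g. an older protocol enabled) is also a finding
    for vcld_have in $vcld_dump; do
        printf '%s\n' "$VCLD_EXPECTED" | tr ' ' '\n' | grep -qxF "$vcld_have" \
            || { echo "FAIL unexpected: $vcld_have"; vcld_rc=1; }
    done
    return $vcld_rc
}

# Constructed sample dumps (not captured from a real appliance).
SAMPLE_COMPLIANT='ssl.engine = "enable"
ssl.use-tlsv12 = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-tlsv10 = "disable"
ssl.use-tlsv11 = "disable"'

# Missing the sslv2 line and leaves TLS 1.1 enabled: a finding.
SAMPLE_NONCOMPLIANT='ssl.use-tlsv12 = "enable"
ssl.use-sslv3 = "disable"
ssl.use-tlsv10 = "disable"
ssl.use-tlsv11 = "enable"'

printf '%s\n' "$SAMPLE_NONCOMPLIANT" | vcld_check || echo "VCLD-67-000034: finding"

# On the appliance itself, run the real check command through the function.
if [ -x /opt/vmware/sbin/vami-lighttpd ]; then
    /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf | vcld_check
fi
```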
Fix Text
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf. Replace any and all "ssl.use-*" lines with the following:

ssl.use-tlsv12 = "enable"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
ssl.use-tlsv10 = "disable"
ssl.use-tlsv11 = "disable"
Additional Identifiers
Rule ID: SV-239741r879810_rule
Vulnerability ID: V-239741
Group Title: SRG-APP-000439-WSR-000156
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002418 | The information system protects the confidentiality and/or integrity of transmitted information. |
Controls
Number | Title |
---|---|
SC-8 | Transmission Confidentiality And Integrity |