Check: VCLD-67-000020
VMware vSphere 6.7 VAMI-lighttpd STIG:
VCLD-67-000020
(in versions v1 r3 through v1 r2)
Title
VAMI must have resource mappings set to disable the serving of certain file types. (Cat II impact)
Discussion
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and identify which file types are not to be delivered to a client. By not specifying which files can and cannot be served to a user, VAMI could potentially deliver sensitive files.
Check Content
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash". At the command prompt, execute the following command: # /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|grep "url.access-deny" Expected result: url.access-deny = ("~", ".inc") If the output does not match the expected result, this is a finding.
Fix Text
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf. Add or reconfigure the following value: url.access-deny = ( "~", ".inc" )
Additional Identifiers
Rule ID: SV-239728r879587_rule
Vulnerability ID: V-239728
Group Title: SRG-APP-000141-WSR-000083
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |