Check: VCLD-67-000026
VMware vSphere 6.7 VAMI-lighttpd STIG: VCLD-67-000026 (in versions v1 r3 through v1 r2)
Title
VAMI must restrict access to the web root. (Cat II impact)
Discussion
As a rule, accounts on a web server are to be kept to a minimum, and those accounts are then restricted as to what they are allowed to access. The web root of the VAMI Lighttpd installation contains the content that is served up to the end user. This content must have the minimum necessary permissions and proper ownership to help protect against unprivileged modification of the content.
Check Content
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

```
# find /opt/vmware/share/htdocs/ -xdev -type d -a '(' -not -perm 0755 -o -not -user root -o -not -group root ')' -exec ls -ld {} \;
```

If any files are returned, this is a finding.
Fix Text
At the command prompt, execute the following commands:

```
# chmod 0755 <directory>
# chown root:root <directory>
```

Note: Substitute <directory> with each directory returned from the check.
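
The check and fix above can be combined into one audit, remediate and re-audit pass. The following is an added example, not part of the STIG text: the function names are hypothetical, and the optional owner and group arguments (defaulting to root, as the STIG requires) are an assumption added so the functions can be tried on a scratch directory first.

```shell
#!/bin/sh
# Added example for VCLD-67-000026; function names are hypothetical.
# Arguments: DIR [OWNER] [GROUP]. OWNER and GROUP default to root as the
# STIG requires; the override is an assumption for trying this on a scratch tree.

# List directories under DIR that are not mode 0755 or not owned OWNER:GROUP.
# Same predicate as the check command ("!" is the POSIX spelling of -not).
# Only directories are examined (-type d); file modes are out of scope here.
webroot_findings() {
    find "$1" -xdev -type d \
        '(' ! -perm 0755 -o ! -user "${2:-root}" -o ! -group "${3:-root}" ')' \
        -print
}

# Number of findings; 0 means compliant. Assumes no newlines in path names.
webroot_finding_count() {
    webroot_findings "$@" | wc -l | tr -d ' '
}

# Apply the Fix Text (chmod 0755, chown OWNER:GROUP) to each returned directory.
webroot_fix() {
    find "$1" -xdev -type d \
        '(' ! -perm 0755 -o ! -user "${2:-root}" -o ! -group "${3:-root}" ')' \
        -exec chmod 0755 {} + -exec chown "${2:-root}:${3:-root}" {} +
}

# Audit, show each finding as the check would, remediate, then re-audit.
# Returns 0 only if the tree is compliant afterwards.
webroot_enforce() {
    if [ "$(webroot_finding_count "$@")" -eq 0 ]; then
        return 0
    fi
    webroot_findings "$@" | while IFS= read -r d; do ls -ld "$d"; done
    webroot_fix "$@"
    [ "$(webroot_finding_count "$@")" -eq 0 ]
}
```

On the appliance this would be invoked as `webroot_enforce /opt/vmware/share/htdocs/` from a root bash shell; a non-zero return means findings remain after remediation.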
Additional Identifiers
Rule ID: SV-239733r879631_rule
Vulnerability ID: V-239733
Group Title: SRG-APP-000211-WSR-000030
CCIs
Number | Definition |
---|---|
CCI-001082 | The information system separates user functionality (including user interface services) from information system management functionality. |
Controls
Number | Title |
---|---|
SC-2 | Application Partitioning |