STIGQter: STIG Summary: VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

VAMI must be configured to monitor remote access.

DISA Rule

SV-239718r679338_rule

Vulnerability Number

V-239718

Group Title

SRG-APP-000016-WSR-000005

Rule Version

VCLD-67-000004

Severity

CAT II

CCI(s)

• CCI-000067 - The information system monitors remote access methods.
• CCI-001462 - The information system provides the capability for authorized users to capture/record and log content related to a user session.

Weight

10

Fix Recommendation

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Add the following value in the "server.modules" section:

mod_accesslog

The result should be similar to the following:

server.modules = (
"mod_access",
"mod_accesslog",
"mod_proxy",
"mod_cgi",
"mod_rewrite",
"mod_magnet",
"mod_setenv",
# 7
)

Check Contents

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|awk '/server\.modules/,/\)/'|grep mod_accesslog

Expected result:

"mod_accesslog",

If the output does not match the expected result, this is a finding.

Vulnerability Number

V-239718

Documentable

False

Rule Version

VCLD-67-000004

Severity Override Guidance

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|awk '/server\.modules/,/\)/'|grep mod_accesslog

Expected result:

"mod_accesslog",

If the output does not match the expected result, this is a finding.

Check Content Reference

M

Target Key

5335

Comments