STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

HAProxy must limit access to the statistics feature.

DISA Rule

SV-99803r1_rule

Vulnerability Number

V-89153

Group Title

SRG-APP-000141-WSR-000075

Rule Version

VRAU-HA-000130

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Uninstall or deactivate features, services, and processes not needed by the web server for operation.

Check Contents

At the command prompt, execute the following command:

grep 'stats socket' /etc/haproxy/haproxy.cfg

If the command does not return the line below, this is a finding.

stats socket /var/run/haproxy.sock mode 600 level admin

Vulnerability Number

V-89153

Documentable

False

Rule Version

VRAU-HA-000130

Severity Override Guidance

At the command prompt, execute the following command:

grep 'stats socket' /etc/haproxy/haproxy.cfg

If the command does not return the line below, this is a finding.

stats socket /var/run/haproxy.sock mode 600 level admin

Check Content Reference

M

Target Key

3455

Comments