STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

HAProxy must set an inactive timeout on sessions.

DISA Rule

SV-99833r1_rule

Vulnerability Number

V-89183

Group Title

SRG-APP-000295-WSR-000134

Rule Version

VRAU-HA-000330

Severity

CAT II

CCI(s)

• CCI-002361 - The information system automatically terminates a user session after organization-defined conditions or trigger events requiring session disconnect.

Weight

10

Fix Recommendation

Navigate to and open the following files:

/etc/haproxy/conf.d/30-vro-config.cfg
/etc/haproxy/conf.d/20-vcac.cfg

Navigate to each backend section that sets a cookie in each file.

Configure the backend with the following:

appsession <cookie> len 64 timeout 5m

Note: The value for <cookie> is defined in the "cookie" option for each backend and may be different.

Check Contents

Navigate to and open the following files:

/etc/haproxy/conf.d/20-vcac.cfg
/etc/haproxy/conf.d/30-vro-config.cfg

Verify that each backend that sets a cookie is configured with the following:

appsession <cookie> len 64 timeout 5m

Note: The value for <cookie> is defined in the "cookie" option for each backend and may be different.

If the "appsession" option is not present or is not configured as shown, this is a finding.

Vulnerability Number

V-89183

Documentable

False

Rule Version

VRAU-HA-000330

Severity Override Guidance

Navigate to and open the following files:

/etc/haproxy/conf.d/20-vcac.cfg
/etc/haproxy/conf.d/30-vro-config.cfg

Verify that each backend that sets a cookie is configured with the following:

appsession <cookie> len 64 timeout 5m

Note: The value for <cookie> is defined in the "cookie" option for each backend and may be different.

If the "appsession" option is not present or is not configured as shown, this is a finding.

Check Content Reference

M

Target Key

3455

Comments