STIGQter: STIG Summary: VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

Lighttpd must be configured to utilize the Common Information Model Object Manager.

DISA Rule

SV-99947r1_rule

Vulnerability Number

V-89297

Group Title

SRG-APP-000315-WSR-000003

Rule Version

VRAU-LI-000370

Severity

CAT I

CCI(s)

• CCI-002314 - The information system controls remote access methods.

Weight

10

Fix Recommendation

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf

Configure the lighttpd.conf with the following:

$HTTP["url"] =~ "^/cimom" {
proxy.server = ( "" =>
((
"host" => "127.0.0.1",
"port" => "5488"
))
)
}

Check Contents

At the command prompt, execute the following command:

cat /opt/vmware/etc/lighttpd/lighttpd.conf | awk '/cimom/,/}/'

Note: The return value should produce the following output:

$HTTP["url"] =~ "^/cimom" {
proxy.server = ( "" =>
((
"host" => "127.0.0.1",
"port" => "5488"
))
)
}

If the return value does not match the above output, this is a finding.

Vulnerability Number

V-89297

Documentable

False

Rule Version

VRAU-LI-000370

Severity Override Guidance

At the command prompt, execute the following command:

cat /opt/vmware/etc/lighttpd/lighttpd.conf | awk '/cimom/,/}/'

Note: The return value should produce the following output:

$HTTP["url"] =~ "^/cimom" {
proxy.server = ( "" =>
((
"host" => "127.0.0.1",
"port" => "5488"
))
)
}

If the return value does not match the above output, this is a finding.

Check Content Reference

M

Target Key

3457

Comments