
The Automation Controller NGINX web server must use cryptography on all remote connections.


Overview

Finding ID: V-256942
Version: APWS-AT-000040
Rule ID: SV-256942r903519_rule
IA Controls: (none listed)
Severity: Medium
Description
Nondisplayed data on a web page may expose information that could put the organization at risk and negatively affect data integrity. Automation Controller's web server must be configured such that all connections, regardless of their origin, between the server and the user are encrypted using cryptography.
STIG Date
Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide 2023-03-15

Details

Check Text ( C-60617r903519_chk )
As any user, execute the following command, replacing "<hostname>" with the hostname of the Automation Controller:

curl -s -w '%{redirect_url}\n' -o /dev/null http://<hostname>/api/v2/ping/ | grep '^https' >/dev/null || echo FAILED

If "FAILED" is displayed, this is a finding.
Fix Text (F-60559r902339_fix)
As a System Administrator, locate the inventory file used to install Ansible Automation Platform (usually in the installer directory). Edit this file and ensure the "nginx_disable_https" variable is absent or is set to "false".

Run the setup.sh command in the installer directory to reconfigure the controller to use the new setting:

sudo ./setup.sh
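
The following script is an added example, not part of the STIG or of Red Hat's installer. It applies the Fix Text rule to an installer inventory before setup.sh is run, and applies the Check Text rule to a captured redirect URL with the failure reason spelled out. The function names, the sample inventory and the host controller.example.test are constructed for illustration, and the script assumes nginx_disable_https is set on its own line (for example under [all:vars]).

```shell
#!/bin/sh
# Added example (not from the STIG): evaluate both halves of this control.
# Assumption: nginx_disable_https is set on its own line, e.g. under [all:vars].

# Print every value assigned to nginx_disable_https, one per line, lowercased,
# with quotes, trailing whitespace and inline " #" comments removed.
inventory_https_values() {
    sed -n 's/^[[:space:]]*nginx_disable_https[[:space:]]*=[[:space:]]*//p' "$1" |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//" |
        tr '[:upper:]' '[:lower:]'
}

# Fix Text rule: compliant only when the variable is absent or "false".
# Conservative: any assignment other than "false" fails, even if overridden.
check_inventory() {
    bad=$(inventory_https_values "$1" | sed -n '/^false$/!p' | head -n 1)
    if [ -z "$bad" ]; then echo "PASS"; return 0; fi
    echo "FAILED: nginx_disable_https=$bad"; return 1
}

# Check Text rule applied to curl's %{redirect_url} output, with the reason
# for a failure spelled out (the one-liner prints FAILED for all of them).
check_redirect() {
    case "$1" in
        https://*) echo "PASS" ;;
        '') echo "FAILED: no redirect returned"; return 1 ;;
        *) echo "FAILED: redirect target is not HTTPS"; return 1 ;;
    esac
}

# Constructed sample inventory, for demonstration only.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[automationcontroller]
controller.example.test

[all:vars]
# nginx_disable_https=false
nginx_disable_https = 'True'   # left over from a lab install
EOF
check_inventory "$demo" || true        # FAILED: nginx_disable_https=true
check_redirect "https://controller.example.test/api/v2/ping/" || true
check_redirect "" || true
rm -f "$demo"
```

An empty redirect URL means the HTTP request was answered without a redirect or the connection failed; the Check Text treats both as a finding.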