Lighttpd must be protected from being stopped by a non-privileged user.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-89311 | VRAU-LI-000450 | SV-99961r1_rule | Medium |
| Description |
|---|
| An attacker has at least two reasons to stop a web server. The first is to cause a DoS, and the second is to put in place changes the attacker made to the web server configuration. To prohibit an attacker from stopping the Lighttpd, the process ID (pid) must be owned by privileged users. |
| STIG | Date |
|---|---|
| VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide | 2018-10-12 |
Details
| Check Text ( C-89003r1_chk ) |
|---|
| At the command prompt, execute the following command: ps -f -U root | awk '$0 ~ /vami-lighttpd/ && $0 !~ /awk/ {print}' If the "vami-lighttpd" process is not owned by "root", this is a finding. |
| Fix Text (F-96053r1_fix) |
|---|
| Note: The following command must be ran as root. At the command prompt, execute the following command: /opt/vmware/etc/init.d/vami-lighttpd restart |