The Xylok Security Suite READONLY configuration must be True.

Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-269578 | XYLK-20-000052 | SV-269578r1054098_rule | CCI-001499 | medium |

Description
By default, the Xylok container is created not allowing users to modify any files inside the container. The only paths that can be altered are mounted from the host. Mount the database files from the host, so that the database server running inside the container can write data. If READONLY=false, then a user could go into the container as root and change other files. This approach helps protect the application from both external attacks and internal threats.

| STIG | Date |
|---|---|
| Xylok Security Suite 20.x Security Technical Implementation Guide | 2024-12-13 |

Details

Check Text (C-269578r1054098_chk)

Verify that Xylok's default read-only status is disabled by using the following command:

$ grep READONLY /etc/xylok.conf

If "READONLY" is set to False (case insensitive), is commented out or is missing, this is not a finding.

Fix Text (F-73512r1053508_fix)

Revert Xylok to its default read-only configuration:

1. As root, open /etc/xylok.conf in a text editor.
2. Add/Amend "READONLY=True" to the configuration file.
3. Restart Xylok to apply settings:

# systemctl restart xylok
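
The Check Text's plain grep also matches commented-out lines and any other key that contains READONLY, so its output has to be interpreted by eye. The shell functions below, an added example that is not part of the STIG or of Xylok's own tooling, report the effective setting instead. They assume KEY=VALUE lines with # comments and that the last uncommented assignment wins; DB_READONLY_REPLICA is a made-up key used only in the constructed sample.

```shell
#!/bin/sh
# Added example: report the effective READONLY setting in a Xylok config file.
# Assumptions (not from the STIG): KEY=VALUE lines, '#' starts a comment,
# and the last uncommented READONLY assignment wins.

# Prints one of: true | false | default | invalid:<value> | unreadable
xylok_readonly_state() {
    conf=${1:-/etc/xylok.conf}
    if [ ! -r "$conf" ]; then echo "unreadable"; return 0; fi
    # Anchoring at line start skips '#READONLY=...' and keys like DB_READONLY_X.
    line=$(grep -E '^[[:space:]]*READONLY[[:space:]]*=' "$conf" | tail -n 1) || true
    if [ -z "$line" ]; then echo "default"; return 0; fi
    # Drop the key, any trailing comment, quotes and whitespace; fold case.
    value=$(printf '%s\n' "$line" |
        sed -e 's/^[^=]*=//' -e 's/#.*$//' -e "s/[\"']//g" -e 's/[[:space:]]//g' |
        tr '[:upper:]' '[:lower:]')
    case $value in
        true|false) echo "$value" ;;
        *)          echo "invalid:$value" ;;
    esac
}

# Succeeds only when the container runs read-only: an explicit True, or no
# active setting, which per the Description leaves the read-only default.
xylok_is_readonly() {
    case $(xylok_readonly_state "$1") in
        true|default) return 0 ;;
        *)            return 1 ;;
    esac
}

# Constructed sample: a plain 'grep READONLY' matches all three lines, but
# only the last one is an active setting, so the effective state is "false".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# READONLY=True
DB_READONLY_REPLICA=True
READONLY = "FALSE"   # set during maintenance
EOF
echo "sample state: $(xylok_readonly_state "$sample")"
rm -f "$sample"
```

Called with no argument, both functions read /etc/xylok.conf; an `invalid:` or `unreadable` result needs manual review rather than a pass.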