The Xylok Security Suite configuration for DEBUG must be False.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-269580 | XYLK-20-000109 | SV-269580r1053515_rule | CCI-001312 | medium |
| Description | ||||
| Providing too much information in error messages risks compromising the data and security of the Xylok Security Suite and system. If DEBUG is set to True, it will show stack traces in error messages to assist with contact Xylok Support, but potentially reveal secure information. | ||||
| STIG | Date | |||
| Xylok Security Suite 20.x Security Technical Implementation Guide | 2024-12-13 | |||
Details
Check Text (C-269580r1053515_chk)
Verify DEBUG is configured. Execute the following:
$ grep DEBUG /etc/xylok.conf
DEBUG=False
If "DEBUG" is not set to False or is missing, this is a finding.
Fix Text (F-73514r1053514_fix)
Set DEBUG:
1. As root, open /etc/xylok.conf in a text editor.
2. Add/Amend "DEBUG=False" to the configuration file.
3. Restart Xylok to apply settings by executing the following:
# systemctl restart xylok