STIGQter: STIG Summary: VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 28 Sep 2018

The vAMI must use the sfcb HTTPS port for communication with Lighttpd.

DISA Rule

SV-100869r1_rule

Vulnerability Number

V-90219

Group Title

SRG-APP-000142-AS-000014

Rule Version

VRAU-VA-000190

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

At the command prompt, type the following command to determine the sfcb httpsPort:

grep httpsPort /opt/vmware/etc/sfcb/sfcb.cfg | cut -d ':' -f 2 | tr -d ' '

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf. Navigate to the '$HTTP["url"] =~ "^/cimom"' block.

Configure the lighttpd.conf file with the following block:

$HTTP["url"] =~ "^/cimom" {
    proxy.server = ( "" =>
        ((
            "host" => "127.0.0.1",
            "port" => "<port>"
        ))
    )
}

Note: Substitute <port> in lighttpd.conf with the httpsPort number found in sfcb.cfg.

Check Contents

At the command prompt, execute the following command to determine the sfcb HTTPS port:

grep httpsPort /opt/vmware/etc/sfcb/sfcb.cfg | cut -d ':' -f 2 | tr -d ' '

If the httpsPort configuration is missing or commented out, this is a finding.

At the command prompt, type the following command to determine the port that Lighttpd is using to communicate with sfcb:

grep cimom -A 7 /opt/vmware/etc/lighttpd/lighttpd.conf | grep port | cut -d '=' -f 2 | tr -d '>' | tr -d ' ' | tr -d '"'

If Lighttpd is not using the sfcb HTTPS port for communication with the vAMI, this is a finding.
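
The two manual commands above can be combined into one scripted comparison. This is an added example, not part of the STIG text: unlike the plain grep, which still prints a port when the httpsPort line is commented out, it ignores commented lines. The function names, sample files and port numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the sfcb / Lighttpd port comparison.

# Active (uncommented) httpsPort value from an sfcb.cfg-style "key: value" file.
sfcb_https_port() {
    sed -n 's/^[[:space:]]*httpsPort[[:space:]]*:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# "port" value from the /cimom proxy block of a lighttpd.conf-style file.
lighttpd_cimom_port() {
    grep -v '^[[:space:]]*#' "$1" | grep -A 7 cimom |
        sed -n 's/.*"port"[[:space:]]*=>[[:space:]]*"\{0,1\}\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Returns 0 when compliant, 1 on a finding. $1 = sfcb.cfg, $2 = lighttpd.conf
check_vami_port() {
    sfcb_port=$(sfcb_https_port "$1")
    proxy_port=$(lighttpd_cimom_port "$2")
    if [ -z "$sfcb_port" ]; then
        echo "FINDING: httpsPort is missing or commented out in $1"
        return 1
    fi
    if [ "$sfcb_port" != "$proxy_port" ]; then
        echo "FINDING: /cimom proxies to port '${proxy_port}', sfcb httpsPort is ${sfcb_port}"
        return 1
    fi
    echo "OK: /cimom proxies to sfcb httpsPort ${sfcb_port}"
}

# Constructed sample files; the port numbers are illustrative only.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
write_lighttpd() {  # $1 = port, $2 = output file
    printf '$HTTP["url"] =~ "^/cimom" {\nproxy.server = ( "" =>\n((\n"host" => "127.0.0.1",\n"port" => "%s"\n))\n)\n}\n' "$1" > "$2"
}
printf 'httpPort: 5488\nhttpsPort: 5489\n' > "$demo/sfcb_ok.cfg"
printf 'httpPort: 5488\n#httpsPort: 5489\n' > "$demo/sfcb_commented.cfg"
write_lighttpd 5489 "$demo/lighttpd_ok.conf"
write_lighttpd 5488 "$demo/lighttpd_bad.conf"

check_vami_port "$demo/sfcb_ok.cfg" "$demo/lighttpd_ok.conf"
check_vami_port "$demo/sfcb_commented.cfg" "$demo/lighttpd_ok.conf" || true
check_vami_port "$demo/sfcb_ok.cfg" "$demo/lighttpd_bad.conf" || true
```

On an appliance, call check_vami_port with /opt/vmware/etc/sfcb/sfcb.cfg and /opt/vmware/etc/lighttpd/lighttpd.conf; a non-zero exit status corresponds to a finding.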

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3449
