STIGQter: STIG Summary: Citrix Virtual Apps and Desktop 7.x Linux Virtual Delivery Agent Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021:

Citrix Linux Virtual Delivery Agent (LVDA) must be configured to prohibit or restrict the use of ports, as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-234259r628796_rule

Vulnerability Number

V-234259

Group Title

SRG-APP-000142

Rule Version

LVDA-VD-000275

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

To change the VDA registration port from the default "80", create the Citrix Machine Policy and update the DDCs, as explained below:
1. Create a new Citrix Machine policy or edit an existing one.
2. Navigate to the Settings tab and select "Control Registration Port".
3. Update the Value to reflect the new port.
4. Select "OK".
5. Restart all desktops and wait until all the desktops report as Unregistered.
6. Update the DDCs VDA registration Port.
7. Restart all desktops and verify that all VDAs register successfully.

Check Contents

On Delivery Controllers, verify that only approved ports are used.

1. Open a command prompt.
2. Navigate to the Citrix install directory Program Files\Citrix\Broker\Service
3. Enter "BrokerService.exe /Show" to display the currently used ports.

If an unapproved port is used, this is a finding.

Vulnerability Number

V-234259

Documentable

False

Rule Version

LVDA-VD-000275

Severity Override Guidance

On Delivery Controllers, verify that only approved ports are used.

1. Open a command prompt.
2. Navigate to the Citrix install directory Program Files\Citrix\Broker\Service
3. Enter "BrokerService.exe /Show" to display the currently used ports.

If an unapproved port is used, this is a finding.

Check Content Reference

M

Target Key

5266

Comments