| Checked | Name | Title |
|---|
| ☐ | SV-99789r1_rule | HAProxy must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure. |
| ☐ | SV-99791r1_rule | HAProxy log files must not be accessible to unauthorized users. |
| ☐ | SV-99793r1_rule | HAProxy log files must be protected from unauthorized modification. |
| ☐ | SV-99795r1_rule | HAProxy log files must be protected from unauthorized deletion. |
| ☐ | SV-99797r1_rule | HAProxy log files must be backed up onto a different system or media. |
| ☐ | SV-99799r1_rule | HAProxy files must be verified for their integrity (checksums) before being added to the build systems. |
| ☐ | SV-99801r1_rule | HAProxy expansion modules must be verified for their integrity (checksums) before being added to the build systems. |
| ☐ | SV-99803r1_rule | HAProxy must limit access to the statistics feature. |
| ☐ | SV-99805r1_rule | HAProxy must not contain any documentation, sample code, example applications, and tutorials. |
| ☐ | SV-99807r1_rule | HAProxy must be run in a chroot jail. |
| ☐ | SV-99809r1_rule | HAProxy frontend servers must be bound to a specific port. |
| ☐ | SV-99811r1_rule | HAProxy must use SSL/TLS protocols in order to secure passwords during transmission from the client. |
| ☐ | SV-99813r1_rule | HAProxy must perform RFC 5280-compliant certification path validation if PKI is being used. |
| ☐ | SV-99815r1_rule | HAProxys private key must have access restricted. |
| ☐ | SV-99817r1_rule | HAProxy must be configured to use only FIPS 140-2 approved ciphers. |
| ☐ | SV-99819r1_rule | HAProxy must prohibit anonymous users from editing system files. |
| ☐ | SV-99821r1_rule | The HAProxy baseline must be documented and maintained. |
| ☐ | SV-99823r1_rule | HAProxy must be configured to validate the configuration files during start and restart events. |
| ☐ | SV-99825r1_rule | HAProxy must limit the amount of time that half-open connections are kept alive. |
| ☐ | SV-99827r1_rule | HAProxy must provide default error files. |
| ☐ | SV-99829r1_rule | HAProxy must not be started with the debug switch. |
| ☐ | SV-99831r1_rule | HAProxy must set an absolute timeout on sessions. |
| ☐ | SV-99833r1_rule | HAProxy must set an inactive timeout on sessions. |
| ☐ | SV-99835r1_rule | HAProxy must redirect all http traffic to use https. |
| ☐ | SV-99837r1_rule | HAProxy must restrict inbound connections from nonsecure zones. |
| ☐ | SV-99839r1_rule | HAProxy must be configured to use syslog. |
| ☐ | SV-99841r1_rule | HAProxy must not impede the ability to write specified log record content to an audit log server. |
| ☐ | SV-99843r1_rule | HAProxy must be configurable to integrate with an organizations security infrastructure. |
| ☐ | SV-99845r1_rule | HAProxy must use the httplog option. |
| ☐ | SV-99847r1_rule | HAProxy libraries, and configuration files must only be accessible to privileged users. |
| ☐ | SV-99849r1_rule | HAProxy psql-local frontend must be bound to port 5433. |
| ☐ | SV-99851r1_rule | HAProxy vcac frontend must be bound to ports 80 and 443. |
| ☐ | SV-99853r1_rule | HAProxy vro frontend must be bound to the correct port 8283. |
| ☐ | SV-99855r1_rule | HAProxy must be configured with FIPS 140-2 compliant ciphers for https connections. |
| ☐ | SV-99857r1_rule | HAProxy must be protected from being stopped by a non-privileged user. |
| ☐ | SV-99859r1_rule | HAProxy must be configured to use SSL/TLS. |
| ☐ | SV-99861r1_rule | HAProxy must set the no-sslv3 value on all client ports. |
| ☐ | SV-99863r1_rule | HAProxy must remove all export ciphers. |
| ☐ | SV-99865r1_rule | HAProxy must have the latest approved security-relevant software updates installed. |
| ☐ | SV-99867r1_rule | HAProxy must set the maxconn value. |
| ☐ | SV-100947r1_rule | HAProxy must limit the amount of time that an http request can be received. |
| ☐ | SV-100949r1_rule | HAProxy must enable cookie-based persistence in a backend. |
| ☐ | SV-100951r1_rule | HAProxy must be configured with FIPS 140-2 compliant ciphers for https connections. |
| ☐ | SV-100953r1_rule | HAProxy must be configured to use TLS for https connections. |
| ☐ | SV-100955r1_rule | HAProxy must be configured to use syslog. |
| ☐ | SV-100957r1_rule | HAProxy must generate log records for system startup and shutdown. |
| ☐ | SV-100959r1_rule | HAProxy must log what type of events occurred. |
| ☐ | SV-100961r1_rule | HAProxy must log when events occurred. |
| ☐ | SV-100963r1_rule | HAProxy must log where events occurred. |
| ☐ | SV-100965r1_rule | HAProxy must log the source of events. |
| ☐ | SV-100967r1_rule | HAProxy must log the outcome of events. |
| ☐ | SV-100969r1_rule | HAProxy must log the session ID from the request headers. |
| ☐ | SV-100971r1_rule | HAProxy session IDs must be sent to the client using SSL/TLS. |
| ☐ | SV-100973r1_rule | HAProxy must maintain the confidentiality and integrity of information during reception. |
STIGQter: STIG Summary: