STIGQter STIGQter: STIG Summary:

VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide

Version: 1

Release: 1 Benchmark Date: 28 Sep 2018

SV-99789r1_ruleHAProxy must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.
SV-99791r1_ruleHAProxy log files must not be accessible to unauthorized users.
SV-99793r1_ruleHAProxy log files must be protected from unauthorized modification.
SV-99795r1_ruleHAProxy log files must be protected from unauthorized deletion.
SV-99797r1_ruleHAProxy log files must be backed up onto a different system or media.
SV-99799r1_ruleHAProxy files must be verified for their integrity (checksums) before being added to the build systems.
SV-99801r1_ruleHAProxy expansion modules must be verified for their integrity (checksums) before being added to the build systems.
SV-99803r1_ruleHAProxy must limit access to the statistics feature.
SV-99805r1_ruleHAProxy must not contain any documentation, sample code, example applications, and tutorials.
SV-99807r1_ruleHAProxy must be run in a chroot jail.
SV-99809r1_ruleHAProxy frontend servers must be bound to a specific port.
SV-99811r1_ruleHAProxy must use SSL/TLS protocols in order to secure passwords during transmission from the client.
SV-99813r1_ruleHAProxy must perform RFC 5280-compliant certification path validation if PKI is being used.
SV-99815r1_ruleHAProxys private key must have access restricted.
SV-99817r1_ruleHAProxy must be configured to use only FIPS 140-2 approved ciphers.
SV-99819r1_ruleHAProxy must prohibit anonymous users from editing system files.
SV-99821r1_ruleThe HAProxy baseline must be documented and maintained.
SV-99823r1_ruleHAProxy must be configured to validate the configuration files during start and restart events.
SV-99825r1_ruleHAProxy must limit the amount of time that half-open connections are kept alive.
SV-99827r1_ruleHAProxy must provide default error files.
SV-99829r1_ruleHAProxy must not be started with the debug switch.
SV-99831r1_ruleHAProxy must set an absolute timeout on sessions.
SV-99833r1_ruleHAProxy must set an inactive timeout on sessions.
SV-99835r1_ruleHAProxy must redirect all http traffic to use https.
SV-99837r1_ruleHAProxy must restrict inbound connections from nonsecure zones.
SV-99839r1_ruleHAProxy must be configured to use syslog.
SV-99841r1_ruleHAProxy must not impede the ability to write specified log record content to an audit log server.
SV-99843r1_ruleHAProxy must be configurable to integrate with an organizations security infrastructure.
SV-99845r1_ruleHAProxy must use the httplog option.
SV-99847r1_ruleHAProxy libraries, and configuration files must only be accessible to privileged users.
SV-99849r1_ruleHAProxy psql-local frontend must be bound to port 5433.
SV-99851r1_ruleHAProxy vcac frontend must be bound to ports 80 and 443.
SV-99853r1_ruleHAProxy vro frontend must be bound to the correct port 8283.
SV-99855r1_ruleHAProxy must be configured with FIPS 140-2 compliant ciphers for https connections.
SV-99857r1_ruleHAProxy must be protected from being stopped by a non-privileged user.
SV-99859r1_ruleHAProxy must be configured to use SSL/TLS.
SV-99861r1_ruleHAProxy must set the no-sslv3 value on all client ports.
SV-99863r1_ruleHAProxy must remove all export ciphers.
SV-99865r1_ruleHAProxy must have the latest approved security-relevant software updates installed.
SV-99867r1_ruleHAProxy must set the maxconn value.
SV-100947r1_ruleHAProxy must limit the amount of time that an http request can be received.
SV-100949r1_ruleHAProxy must enable cookie-based persistence in a backend.
SV-100951r1_ruleHAProxy must be configured with FIPS 140-2 compliant ciphers for https connections.
SV-100953r1_ruleHAProxy must be configured to use TLS for https connections.
SV-100955r1_ruleHAProxy must be configured to use syslog.
SV-100957r1_ruleHAProxy must generate log records for system startup and shutdown.
SV-100959r1_ruleHAProxy must log what type of events occurred.
SV-100961r1_ruleHAProxy must log when events occurred.
SV-100963r1_ruleHAProxy must log where events occurred.
SV-100965r1_ruleHAProxy must log the source of events.
SV-100967r1_ruleHAProxy must log the outcome of events.
SV-100969r1_ruleHAProxy must log the session ID from the request headers.
SV-100971r1_ruleHAProxy session IDs must be sent to the client using SSL/TLS.
SV-100973r1_ruleHAProxy must maintain the confidentiality and integrity of information during reception.