VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide

Version: 1

Release: 1

Benchmark Date: 09 Mar 2021

SV-239715r679255_rule VAMI must limit the number of simultaneous requests.
SV-239716r679258_rule VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.
SV-239717r679261_rule VAMI must use cryptography to protect the integrity of remote sessions.
SV-239718r679338_rule VAMI must be configured to monitor remote access.
SV-239719r679267_rule VAMI must generate log records for system startup and shutdown.
SV-239720r679270_rule VAMI must produce log records containing sufficient information to establish what type of events occurred.
SV-239721r679273_rule VAMI log files must only be accessible by privileged users.
SV-239722r679276_rule Rsyslog must be configured to monitor VAMI logs.
SV-239723r679279_rule VAMI server binaries and libraries must be verified for their integrity.
SV-239724r679282_rule VAMI must only load allowed server modules.
SV-239725r679285_rule VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
SV-239726r679288_rule VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on "Content-Type".
SV-239727r679291_rule VAMI must remove all mappings to unused scripts.
SV-239728r679294_rule VAMI must have resource mappings set to disable the serving of certain file types.
SV-239729r679297_rule VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed.
SV-239730r679300_rule VAMI must prevent hosted applications from exhausting system resources.
SV-239731r679303_rule VAMI must not have any symbolic links in the web content directory tree.
SV-239732r679306_rule VAMI must protect the keystore from unauthorized access.
SV-239733r679309_rule VAMI must restrict access to the web root.
SV-239734r679312_rule VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks.
SV-239735r679315_rule VAMI must set the encoding for all text mime types to UTF-8.
SV-239736r679318_rule VAMI must disable directory browsing.
SV-239737r679321_rule VAMI must not be configured to use "mod_status".
SV-239738r679324_rule VAMI must have debug logging disabled.
SV-239739r679327_rule VAMI configuration files must be protected from unauthorized access.
SV-239740r679330_rule VAMI must be protected from being stopped by a non-privileged user.
SV-239741r679333_rule VAMI must implement TLS1.2 exclusively.