Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000141-WSR-000015
Group -
SRG-APP-000141-WSR-000076
Group -
All Automation Controller NGINX web servers must not be a proxy server for any process other than the Automation Controller application.
The Automation Controller NGINX web server must be primarily a web server or a proxy server but not both, for the same reasons that other multi-use servers are not recommended. Scanning for web ser...Rule Medium Severity -
SRG-APP-000141-WSR-000078
Group -
All Automation Controller NGINX webserver accounts not utilized by installed features (i.e., tools, utilities, specific services, etc.) must not be created and must be deleted when the web server feature is uninstalled.
If web server accounts are not being used, they must be deleted when the web server is uninstalled. This is because the accounts become stale over time and are not tended to. Best practice also dic...Rule Medium Severity -
SRG-APP-000141-WSR-000081
Group -
All Automation Controller NGINX web servers must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
Controlling what a user of a hosted application can access is part of the security posture of the Automation Controller NGINX web server. Any time a user can access more functionality than is need...Rule Medium Severity -
SRG-APP-000141-WSR-000085
Group -
SRG-APP-000141-WSR-000086
Group -
All Automation Controller NGINX web servers must protect system resources and privileged operations from hosted applications.
Automation Controller NGINX web servers may host too many applications. Each application will need certain system resources and privileged operations to operate correctly. The Automation Controller...Rule Low Severity -
SRG-APP-000142-WSR-000089
Group -
SRG-APP-000176-WSR-000096
Group -
Only authenticated system administrators or the designated PKI Sponsor for an Automation Controller NGINX web server must have access to any Automation Controller NGINX web server's private key.
Each Automation Controller NGINX web server's private key is used to prove the identity of the server to clients and securely exchange the shared secret key used to encrypt communications between t...Rule Medium Severity -
SRG-APP-000211-WSR-000030
Group -
All Automation Controller NGINX web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.
It is important to limit access to Automation Controller NGINX web servers and provide access on a need-to-know basis. For example, only System Administrators must have access to all the system's ...Rule Medium Severity -
SRG-APP-000223-WSR-000011
Group -
SRG-APP-000233-WSR-000146
Group -
The Automation Controller NGINX web server document directory must be in a separate partition from the web server's system files.
It is important that the Automation Controller NGINX web server restricts the ability of clients to launch denial-of-service (DoS) attacks against other information systems or networks by disallowing a...Rule Medium Severity -
SRG-APP-000251-WSR-000157
Group -
SRG-APP-000266-WSR-000142
Group