VAMI must only load allowed server modules.

An XCCDF Rule

Description

<VulnDiscussion>A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DOD system. VAMI can be configured to load any number of external modules, but only a specific few are provided and supported by VMware. Additional, unexpected modules must be removed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256654r888484_rule
Severity: Medium
References: CCI-000381
Updated: 8 months ago

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf

Configure the "server.modules" section to the following:
server.modules = (
  "mod_access",
  "mod_accesslog",
  "mod_proxy",
  "mod_cgi",
  "mod_rewrite",
)
server.modules += ( "mod_magnet" )

Restart the service with the following command:

# vmon-cli --restart applmgmt

VAMI must only load allowed server modules.

Description

Remediation - Manual Procedure