VAMI must prevent hosted applications from exhausting system resources.

An XCCDF Rule

Description

<VulnDiscussion>Most of the attention to denial-of-service (DoS) attacks focuses on ensuring that systems and applications are not victims of these attacks. However, these systems and applications must also be secured against use to launch such an attack against others. A variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks. Limiting system resources that are allocated to any user to a bare minimum may also reduce the ability of users to launch some DoS attacks. One DoS mitigation is to prevent VAMI from keeping idle connections open for too long.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256660r888502_rule
Severity: Medium
References: CCI-000381
Updated: 8 months ago

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf file.

Add or reconfigure the following value:
server.max-keep-alive-idle = 30

Restart the service with the following command:

# vmon-cli --restart applmgmt

VAMI must prevent hosted applications from exhausting system resources.

Description

Remediation - Manual Procedure