Skip to content

Nonprivileged accounts on the hosting system must only access Automation Controller NGINX web server security-relevant information and functions through a distinct administrative account.

An XCCDF Rule

Description

<VulnDiscussion>It is important that Automation Controller NGINX web server security features are separated from nonprivileged users. Special “privileged” roles need to be developed so that only they can have access to those features and administer the web server, when necessary. These privileged roles will be better trained in the security features and will limit loss of data for forensic analysis and limits accidental changes to the web server. Without isolating privileged users from nonprivileged users when administering to the web server, organizations run the risk of having limited access to forensic data, as well as increased risk of accidental changes, by nonprivileged and presumably less-trained individuals. Satisfies: SRG-APP-000340-WSR-000029, SRG-APP-000211-WSR-000031</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-256960r961353_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

As a system administrator, for each Automation Controller NGINX web server host, set the permissions and owner of Automation Controller web server program configuration directory:

sudo chown -R root:root /etc/nginx/
sudo chmod 755 /etc/nginx /etc/nginx
sudo chmod 755 /etc/nginx /etc/nginx/conf.d
sudo chmod 644 /etc/nginx/nginx.conf