The vCenter VAMI service must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks.

An XCCDF Rule

Description

<VulnDiscussion>In UNIX and related computer operating systems, a file descriptor is an indicator used to access a file or other input/output resource, such as a pipe or network connection. File descriptors index into a per-process file descriptor table maintained by the kernel, which in turn indexes into a systemwide table of files opened by all processes, called the file table. As a single-threaded server, Lighttpd must be limited in the number of file descriptors that can be allocated. This will prevent Lighttpd from being used in a form of DoS attack against the operating system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259149r935351_rule
Severity: Medium
References: CCI-001094
Updated: 17 days ago

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf

Add or reconfigure the following value:
server.max-fds = 2048

Restart the service with the following command:

# vmon-cli --restart applmgmt

The vCenter VAMI service must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks.

Description

Remediation - Manual Procedure