VAMI must only load allowed server modules.

An XCCDF Rule

Details
Profiles

Description

A web server can provide many features, services, and processes. Some of these may be deemed unnecessary or too unsecure to run on a production DOD system. VAMI can be configured to load any number of external modules, but only a specific few are provided and supported by VMware. Additional, unexpected modules must be removed.

ID: SV-256654r888484_rule
Version: VCLD-70-000010
Severity: Medium
References: CCI-000381
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf

Configure the "server.modules" section to the following:
server.modules = (
  "mod_access",
  "mod_accesslog",
  "mod_proxy",
  "mod_cgi",
  "mod_rewrite",
)
server.modules += ( "mod_magnet" )

Restart the service with the following command:

# vmon-cli --restart applmgmt

VAMI must only load allowed server modules.

Description

Remediation Templates

A Manual Procedure