DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3

Audit Details

Name: DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 45

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_VAMI-lighttpd_v1r3.audit

Size: 82.6 kB

MD5: 293ec8db33f3625a82cca3e72d3db497
SHA256: d0ed9d51a5e6750b5f698f3848b4a32b5f009b9d9a70d3a6011196026c8e4176

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_6.7_VAMI-lighttpd_v1r3.audit from DISA VMware vSphere 6.7 VAMI-lighttpd v1r3 STIG
VCLD-67-000001 - VAMI must limit the number of simultaneous requests.

ACCESS CONTROL

VCLD-67-000002 - VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000003 - VAMI must use cryptography to protect the integrity of remote sessions.

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000004 - VAMI must be configured to monitor remote access.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

VCLD-67-000005 - VAMI must generate log records for system startup and shutdown.

AUDIT AND ACCOUNTABILITY

VCLD-67-000006 - VAMI must produce log records containing sufficient information to establish what type of events occurred.

AUDIT AND ACCOUNTABILITY

VCLD-67-000011 - VAMI log files must only be accessible by privileged users - access.log

AUDIT AND ACCOUNTABILITY

VCLD-67-000011 - VAMI log files must only be accessible by privileged users - error.log

AUDIT AND ACCOUNTABILITY

VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs.

AUDIT AND ACCOUNTABILITY

VCLD-67-000015 - VAMI server binaries and libraries must be verified for their integrity.

CONFIGURATION MANAGEMENT

VCLD-67-000016 - VAMI must only load allowed server modules - mod_access

CONFIGURATION MANAGEMENT

VCLD-67-000016 - VAMI must only load allowed server modules - mod_accesslog

CONFIGURATION MANAGEMENT

VCLD-67-000016 - VAMI must only load allowed server modules - mod_cgi

CONFIGURATION MANAGEMENT

VCLD-67-000016 - VAMI must only load allowed server modules - mod_magnet

CONFIGURATION MANAGEMENT

VCLD-67-000016 - VAMI must only load allowed server modules - mod_proxy

CONFIGURATION MANAGEMENT

VCLD-67-000016 - VAMI must only load allowed server modules - mod_rewrite

CONFIGURATION MANAGEMENT

VCLD-67-000016 - VAMI must only load allowed server modules - mod_setenv

CONFIGURATION MANAGEMENT

VCLD-67-000017 - VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.

CONFIGURATION MANAGEMENT

VCLD-67-000018 - VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mappings based on 'Content-Type' - Content-Type.

CONFIGURATION MANAGEMENT

VCLD-67-000019 - VAMI must remove all mappings to unused scripts - cgi

CONFIGURATION MANAGEMENT

VCLD-67-000019 - VAMI must remove all mappings to unused scripts - erb

CONFIGURATION MANAGEMENT

VCLD-67-000019 - VAMI must remove all mappings to unused scripts - pl

CONFIGURATION MANAGEMENT

VCLD-67-000019 - VAMI must remove all mappings to unused scripts - py

CONFIGURATION MANAGEMENT

VCLD-67-000019 - VAMI must remove all mappings to unused scripts - rb

CONFIGURATION MANAGEMENT

VCLD-67-000020 - VAMI must have resource mappings set to disable the serving of certain file types.

CONFIGURATION MANAGEMENT

VCLD-67-000021 - VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed.

CONFIGURATION MANAGEMENT

VCLD-67-000022 - VAMI must prevent hosted applications from exhausting system resources.

CONFIGURATION MANAGEMENT

VCLD-67-000023 - VAMI must not have any symbolic links in the web content directory tree.

CONFIGURATION MANAGEMENT

VCLD-67-000025 - VAMI must protect the keystore from unauthorized access.

IDENTIFICATION AND AUTHENTICATION

VCLD-67-000026 - VAMI must restrict access to the web root.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000027 - VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000028 - VAMI must set the encoding for all text mime types to UTF-8.

SYSTEM AND INFORMATION INTEGRITY

VCLD-67-000029 - VAMI must disable directory browsing.

SYSTEM AND INFORMATION INTEGRITY

VCLD-67-000030 - VAMI must not be configured to use 'mod_status' - mod_status.

SYSTEM AND INFORMATION INTEGRITY

VCLD-67-000031 - VAMI must have debug logging disabled.

SYSTEM AND INFORMATION INTEGRITY

VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - etc

CONFIGURATION MANAGEMENT

VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - opt

CONFIGURATION MANAGEMENT

VCLD-67-000033 - VAMI must be protected from being stopped by a non-privileged user.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv2

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv3

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv10

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv11

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv12

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-67-000999 - The version of VAMI-lighttpd running on the system must be a supported version.

SYSTEM AND INFORMATION INTEGRITY