VCLD-67-000020 - VAMI must have resource mappings set to disable the serving of certain file types.

Information

Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and identify which file types are not to be delivered to a client.

By not specifying which files can and cannot be served to a user, VAMI could potentially deliver sensitive files.

Solution

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Add or reconfigure the following value:

url.access-deny = ( '~', '.inc' )

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-239728r679294_rule, STIG-ID|VCLD-67-000020, Vuln-ID|V-239728

Plugin: Unix

Control ID: 73c7f72198edfd641dffaf672d32ec47a97d2e9d6b28c0e3f37d0983a1b3510b