VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - etc

Information

Accounts on the VAMI server are to be kept to a minimum. Only administrators, web managers, developers, auditors, and web authors require accounts on the machine hosting the Lighttpd server. The resources to which these accounts have access must also be closely monitored and controlled. Only the system administrator needs access to all of the system's capabilities, while the web administrator and associated staff require access and control of the web content and the Lighttpd server configuration files.

Solution

At the command prompt, enter the following command:

# chmod 644 <file>
# chown root:root <file>

Note: Replace <file> with every file returned from the command in the check.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(1), CAT|II, CCI|CCI-001813, Rule-ID|SV-239739r879753_rule, STIG-ID|VCLD-67-000032, Vuln-ID|V-239739

Plugin: Unix

Control ID: ad81b83e4cdb4035a7bf0f50d657a1820e7572bc9951bd99df750e600e842f4a