VCLD-67-000027 - VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks.

Information

In UNIX and related computer operating systems, a file descriptor is an indicator used to access a file or other input/output resource, such as a pipe or network connection. File descriptors index into a per-process file descriptor table maintained by the kernel, which in turn indexes into a system-wide table of files opened by all processes, called the file table.

As a single-threaded server, Lighttpd must be limited in the number of file descriptors that can be allocated. This will prevent Lighttpd from being used in a form of DoS attack against the operating system.

Solution

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Add or reconfigure the following value:

server.max-fds = 2048

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5(1), CAT|II, CCI|CCI-001094, Rule-ID|SV-239734r879650_rule, STIG-ID|VCLD-67-000027, Vuln-ID|V-239734

Plugin: Unix

Control ID: 4ca76233b4f44cb0f65f5a85eea2c40e6019da1f987707d5f50999b9883e5757