VCLD-67-000033 - VAMI must be protected from being stopped by a non-privileged user.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. Therefore, only administrators should ever be able to stop VAMI.

The VAMI is configured out of the box to be owned by root. This configuration must be verified and maintained.

Solution

Navigate to and open /usr/lib/systemd/system/vami-lighttp.service in a text editor.

Under the '[Service]' section, remove the line that beings with 'User='.

At the command prompt, execute the following command:

# service vami-lighttp restart

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M10_STIG.zip

Item Details

References: CAT|II, CCI|CCI-002385, Rule-ID|SV-239740r816829_rule, STIG-ID|VCLD-67-000033, Vuln-ID|V-239740

Plugin: Unix

Control ID: 3bbb739f8c79fb1b1eb305ad607af16aa32ede223d2301458edc09af442d6233