← Back to Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide

V-256942

CAT II (Medium)

The Automation Controller NGINX web server must use cryptography on all remote connections.

Rule ID

SV-256942r960762_rule

STIG

Red Hat Ansible Automation Controller Web Server Security Technical Implementation Guide

Version

V2R3

CCIs

None

Discussion

Nondisplayed data on a web page may expose information that could put the organization at risk and negatively affect data integrity. Automation Controller's web server must be configured such that all connections, regardless of their origin, between the server and the user are encrypted using cryptography.

Check Content

As any user, execute the following command, substituting "<controller_fqdn>" for the hostname of the Automation Controller:

curl -s -w '%{redirect_url}\n' -o /dev/null http://<controller_fqdn>/api/v2/ping/  | grep '^https' >/dev/null || echo FAILED

If "FAILED" is displayed, this is a finding.

Fix Text

As a System Administrator, locate the inventory file used to install Ansible Automation Platform (usually in the installer directory). Edit this file and ensure the "nginx_disable_https" variable is absent or is set to "false".

Run the setup.sh command in the installer directory to reconfigure the controller to use the new setting:

sudo ./setup.sh