
V-269579

CAT II (Medium)

Xylok Security Suite must disable nonessential capabilities.

Rule ID

SV-269579r1053512_rule

STIG

Xylok Security Suite 20.x Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000381, CCI-001094, CCI-001095, CCI-001764

Discussion

If Xylok has unnecessary functionality enabled, the server may allow arbitrary code to run within the Xylok container. This would potentially allow the user to launch malicious acts against other hosts from inside the Xylok container.

The ENABLE_PP_TEST_API setting in the Xylok Security Suite is a configuration flag that enables a specific test API related to the policy processing (PP) functionalities of the suite. This setting is used primarily in development or testing environments to enable specific testing functionalities.

Satisfies: SRG-APP-000141, SRG-APP-000246, SRG-APP-000247, SRG-APP-000384

Check Content

Verify that Xylok's default ENABLE_PP_TEST_API status is disabled by using the following command:

$ grep -i ENABLE_PP_TEST_API /etc/xylok.conf

If "ENABLE_PP_TEST_API" exists (case insensitive), this is a finding.

Fix Text

Revert Xylok to its default configuration, which disables the post-processing test API:

1. As root, open /etc/xylok.conf in a text editor.

2. Delete any ENABLE_PP_TEST_API lines from the configuration file.

3. Restart Xylok to apply settings:

    # systemctl restart xylok
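The check and fix above can be scripted as follows. This is an added example, not part of the STIG or of Xylok. The function names are hypothetical, and it goes slightly beyond the text by reporting line numbers and keeping a backup copy before deleting lines.

```shell
#!/bin/sh
# Added example, not part of the STIG or of Xylok. Function names are
# hypothetical; /etc/xylok.conf and the setting name come from the STIG text.
SETTING='ENABLE_PP_TEST_API'

# Check Content: any line containing the setting, in any letter case, is a
# finding (commented-out lines included, since the check tests only existence).
# Prints hits as "lineno:text".
# Returns 0 = not a finding, 1 = finding, 2 = file unreadable (not assessed).
check_pp_test_api() {
    conf="${1:-/etc/xylok.conf}"
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf" >&2
        return 2
    fi
    if grep -n -i -- "$SETTING" "$conf"; then
        return 1
    fi
    return 0
}

# Fix Text step 2: delete every matching line, keeping a .bak copy.
# Step 3 (systemctl restart xylok) is left to the operator.
remove_pp_test_api() {
    conf="${1:-/etc/xylok.conf}"
    if [ ! -w "$conf" ]; then
        echo "cannot write $conf" >&2
        return 2
    fi
    cp -p "$conf" "$conf.bak" || return 2
    rc=0
    # grep -v exits 1 when every line matched; only >1 is a real error.
    grep -v -i -- "$SETTING" "$conf.bak" > "$conf.tmp" || rc=$?
    if [ "$rc" -gt 1 ]; then
        rm -f "$conf.tmp"
        return 2
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
}
```

Called with no argument, both functions operate on /etc/xylok.conf; an exit status of 2 from the check means the file could not be read and the system has not been assessed.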