VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

Version: V1R2

Benchmark ID: VMW_vRealize_Automation_7-x_Lighttpd_STIG

Total Checks: 62

Tags: vmware

CAT I: 7, CAT II: 55, CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (62)

  • V-240215 (MEDIUM): Lighttpd must limit the number of simultaneous requests.
  • V-240216 (MEDIUM): Lighttpd must be configured with FIPS 140-2 compliant ciphers for https connections.
  • V-240217 (MEDIUM): Lighttpd must be configured to use the SSL engine.
  • V-240218 (MEDIUM): Lighttpd must be configured to use mod_accesslog.
  • V-240219 (MEDIUM): Lighttpd must generate log records for system startup and shutdown.
  • V-240220 (MEDIUM): Lighttpd must produce log records containing sufficient information to establish what type of events occurred.
  • V-240221 (MEDIUM): Lighttpd must produce log records containing sufficient information to establish when (date and time) events occurred.
  • V-240222 (MEDIUM): Lighttpd must produce log records containing sufficient information to establish where within the web server the events occurred.
  • V-240223 (MEDIUM): Lighttpd must produce log records containing sufficient information to establish the source of events.
  • V-240224 (MEDIUM): Lighttpd must produce log records containing sufficient information to establish the outcome (success or failure) of events.
  • V-240225 (MEDIUM): Lighttpd must have the correct ownership on the log files to ensure they are only be accessible by privileged users.
  • V-240226 (MEDIUM): Lighttpd must have the correct group-ownership on the log files to ensure they are only be accessible by privileged users.
  • V-240227 (MEDIUM): Lighttpd must have the correct permissions on the log files to ensure they are only be accessible by privileged users.
  • V-240228 (MEDIUM): Lighttpd must have the correct ownership on the log files to ensure they are protected from unauthorized modification.
  • V-240229 (MEDIUM): Lighttpd must have the correct group-ownership on the log files to ensure they are protected from unauthorized modification.
  • V-240230 (MEDIUM): Lighttpd must have the correct permissions on the log files to ensure they are protected from unauthorized modification.
  • V-240231 (MEDIUM): Lighttpd must have the correct ownership on the log files to ensure they are protected from unauthorized deletion.
  • V-240232 (MEDIUM): Lighttpd must have the correct group-ownership on the log files to ensure they are protected from unauthorized deletion.
  • V-240233 (MEDIUM): Lighttpd must have the correct permissions on the log files to ensure they are protected from unauthorized deletion.
  • V-240234 (MEDIUM): Lighttpd log data and records must be backed up onto a different system or media.
  • V-240235 (MEDIUM): Lighttpd files must be verified for their integrity before being added to a production web server.
  • V-240236 (MEDIUM): Lighttpd expansion modules must be verified for their integrity before being added to a production web server.
  • V-240237 (MEDIUM): Lighttpd must prohibit unnecessary services, functions or processes.
  • V-240238 (MEDIUM): Lighttpd proxy settings must be configured.
  • V-240239 (HIGH): Lighttpd must only contain components that are operationally necessary.
  • V-240240 (MEDIUM): Lighttpd must have MIME types for csh or sh shell programs disabled.
  • V-240241 (MEDIUM): Lighttpd must only enable mappings to necessary and approved scripts.
  • V-240242 (MEDIUM): Lighttpd must have resource mappings set to disable the serving of certain file types.
  • V-240243 (MEDIUM): Lighttpd must not have the Web Distributed Authoring (WebDAV) module installed.
  • V-240244 (MEDIUM): Lighttpd must not have the webdav configuration file included.
  • V-240245 (MEDIUM): Lighttpd must prevent hosted applications from exhausting system resources.
  • V-240246 (HIGH): Lighttpd must not use symbolic links in the Lighttpd web content directory tree.
  • V-240247 (MEDIUM): Lighttpd must be configured to use port 5480.
  • V-240248 (MEDIUM): Lighttpd must use SSL/TLS protocols in order to secure passwords during transmission from the client.
  • V-240249 (MEDIUM): Lighttpd must have private key access restricted.
  • V-240250 (MEDIUM): Lighttpd must be configured to use only FIPS 140-2 approved ciphers.
  • V-240251 (HIGH): Lighttpd must prohibit non-privileged accounts from accessing the directory tree, the shell, or other operating system functions and utilities.
  • V-240252 (HIGH): Lighttpd must have the latest version installed.
  • V-240253 (MEDIUM): The Lighttpd baseline must be maintained.
  • V-240254 (MEDIUM): Lighttpd must protect against or limit the effects of HTTP types of Denial of Service (DoS) attacks.
  • V-240255 (MEDIUM): Lighttpd must disable directory browsing.
  • V-240256 (MEDIUM): Lighttpd must not be configured to use mod_status.
  • V-240257 (MEDIUM): Lighttpd must have debug logging disabled.
  • V-240258 (HIGH): Lighttpd must be configured to utilize the Common Information Model Object Manager.
  • V-240259 (MEDIUM): Lighttpd must restrict inbound connections from nonsecure zones.
  • V-240260 (MEDIUM): Lighttpd must be configured to use syslog.
  • V-240261 (MEDIUM): Lighttpd must be configured to use syslog.
  • V-240262 (MEDIUM): The web server must use a logging mechanism that is configured to provide a warning to the ISSO and SA when allocated record storage volume reaches 75% of maximum log record storage capacity.
  • V-240263 (MEDIUM): Lighttpd audit records must be mapped to a time stamp.
  • V-240264 (MEDIUM): Lighttpd must record time stamps for log records to a minimum granularity of time.
  • V-240265 (MEDIUM): Lighttpd must prohibit non-privileged accounts from accessing the application, libraries, and configuration files.
  • V-240266 (MEDIUM): Lighttpd must not be configured to listen to unnecessary ports.
  • V-240267 (MEDIUM): Lighttpd must be configured with FIPS 140-2 compliant ciphers for https connections.
  • V-240268 (MEDIUM): Lighttpd must be protected from being stopped by a non-privileged user.
  • V-240269 (MEDIUM): Lighttpd must be configured to use the SSL engine.
  • V-240270 (MEDIUM): Lighttpd must be configured to use the SSL engine.
  • V-240271 (HIGH): Lighttpd must use an approved TLS version for encryption.
  • V-240272 (MEDIUM): Lighttpd must remove all export ciphers to transmitted information.
  • V-240273 (MEDIUM): Lighttpd must be configured to use SSL.
  • V-240274 (MEDIUM): Lighttpd must have the latest approved security-relevant software updates installed.
  • V-240275 (MEDIUM): Lighttpd must disable IP forwarding.
  • V-258452 (HIGH): The version of vRealize Automation 7.x Lighttpd running on the system must be a supported version.