← Back to VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

V-240254

CAT II (Medium)

Lighttpd must protect against or limit the effects of HTTP types of Denial of Service (DoS) attacks.

Rule ID

SV-240254r879650_rule

STIG

VMware vRealize Automation 7.x Lighttpd Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001094

Discussion

In UNIX and related computer operating systems, a file descriptor is an indicator used to access a file or other input/output resource, such as a pipe or network connection. File descriptors index into a per-process file descriptor table maintained by the kernel, that in turn indexes into a system-wide table of files opened by all processes, called the file table. As a single-threaded server, Lighttpd must be limited in the number of file descriptors that can be allocated. This will prevent Lighttpd from being used in a form of DoS attack against the Operating System.

Check Content

At the command prompt, execute the following command:

grep '^server.max-fds' /opt/vmware/etc/lighttpd/lighttpd.conf

If the value for "server.max-fds" is not set to "2048", this is a finding.

Fix Text

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf

Configure the "lighttpd.conf" file with the following: 

server.max-fds = 2048