tc Server ALL server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.

From VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide

Part of SRG-APP-000131-WSR-000051

Associated with: CCI-001749

SV-100647r1_rule tc Server ALL server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.

Vulnerability discussion

Being able to verify that a patch, upgrade, certificate, etc., being added to the web server is unchanged from the producer of the file is essential for file validation and non-repudiation of the information. VMware delivers product updates and patches regularly. It is crucial that system administrators coordinate installation of product updates with the site ISSO to ensure that only valid files are uploaded onto the system.

Check content

Interview the ISSO. Determine whether web server files are being fully reviewed, tested, and signed before being implemented into the production environment. If the web server files are not being fully reviewed, tested, and signed before being implemented into the production environment, this is a finding.

Fix text

Configure the web server to verify object integrity before becoming part of the production web server or utilize an external tool designed to meet this requirement.
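One way an external tool could perform this check before files are promoted from a staging directory, shown as an added example that is not part of the STIG or any VMware tooling. It assumes a sha256sum-style manifest obtained from the file producer over a separate trusted channel; the function names, file names and file contents are hypothetical, constructed samples.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    # sha256sum format: "<hex digest>  <relative path>" per line
    expected = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)
            expected[name.strip().lstrip("*")] = digest.lower()
    return expected


def verify_staging(staging_dir, manifest_text):
    # Fail closed: report altered, absent, and unlisted files.
    root = Path(staging_dir)
    expected = parse_manifest(manifest_text)
    result = {"mismatch": [], "missing": [], "unlisted": []}
    for name, digest in expected.items():
        target = root / name
        if not target.is_file():
            result["missing"].append(name)
        elif not hmac.compare_digest(sha256_file(target), digest):
            result["mismatch"].append(name)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    result["unlisted"] = sorted(on_disk - set(expected))
    return result


def demo():
    # Constructed sample: one intact file, one altered, one not in the manifest.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "patch.jar").write_bytes(b"vendor build")
        (Path(d) / "web.xml").write_bytes(b"modified after release")
        (Path(d) / "extra.sh").write_bytes(b"#!/bin/sh\n")
        manifest = (f"{hashlib.sha256(b'vendor build').hexdigest()}  patch.jar\n"
                    f"{hashlib.sha256(b'as released').hexdigest()}  web.xml\n")
        return verify_staging(d, manifest)
```

Files are eligible for production only when all three lists are empty; any entry under `mismatch`, `missing` or `unlisted` should stop the deployment and be raised with the ISSO.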
