DISA STIGS Viewer

Xylok Security Suite must disable nonessential capabilities.

Overview

Finding ID: V-269579
Version: XYLK-20-000053
Rule ID: SV-269579r1053512_rule
IA Controls:
Severity: Medium
Description
If Xylok has unnecessary functionality enabled, the server may allow arbitrary code to run within the Xylok container. This could allow a user to launch malicious acts against other hosts from inside the Xylok container.

The ENABLE_PP_TEST_API setting in the Xylok Security Suite refers to a configuration flag that enables a specific test API related to the policy processing (PP) functionalities of the suite. This setting is used primarily in development or testing environments to enable specific testing functionalities.

Satisfies: SRG-APP-000141, SRG-APP-000246, SRG-APP-000247, SRG-APP-000384

STIG: Xylok Security Suite 20.x Security Technical Implementation Guide
Date: 2024-12-13

Details

Check Text (C-73612r1053510_chk)
Verify that Xylok's default ENABLE_PP_TEST_API status is disabled by using the following command:

$ grep -i ENABLE_PP_TEST_API /etc/xylok.conf

If "ENABLE_PP_TEST_API" exists (case insensitive), this is a finding.
Fix Text (F-73513r1053511_fix)
Revert Xylok to its default configuration, which disables the post-processing test API:

1. As root, open /etc/xylok.conf in a text editor.

2. Delete any ENABLE_PP_TEST_API lines from the configuration file.

3. Restart Xylok to apply settings:

# systemctl restart xylok
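
The check and fix above as a script, added here as an example (it is not part of the STIG or of Xylok). The function names check_pp_test_api and remediate_pp_test_api are hypothetical, and the script assumes /etc/xylok.conf is a line-oriented text file, as the grep-based check implies.

```shell
#!/bin/sh
# Added example: audit and remediate ENABLE_PP_TEST_API per the check and fix text.
# Function names are hypothetical; the default path is the one named in the STIG.

XYLOK_CONF_DEFAULT=/etc/xylok.conf

# check_pp_test_api [FILE]
# Returns 0 = not a finding, 1 = finding (key present in any case), 2 = file unreadable.
check_pp_test_api() {
    conf=${1:-$XYLOK_CONF_DEFAULT}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # -i: any capitalisation of the key is a finding; -n: print line numbers as evidence.
    if grep -in 'ENABLE_PP_TEST_API' "$conf"; then
        return 1
    fi
    return 0
}

# remediate_pp_test_api [FILE]
# Keeps a backup copy, deletes every matching line, then re-runs the check.
# Restarting the service (systemctl restart xylok) is left to the operator.
remediate_pp_test_api() {
    conf=${1:-$XYLOK_CONF_DEFAULT}
    [ -w "$conf" ] || { echo "cannot write $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 2
    tmp=$(mktemp) || return 2
    # grep -v exits 1 when no lines remain to print; only exit codes above 1 are errors.
    grep -iv 'ENABLE_PP_TEST_API' "$conf.bak" > "$tmp" || [ $? -eq 1 ] || {
        rm -f "$tmp"; return 2
    }
    # Write back through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    check_pp_test_api "$conf" >/dev/null
}
```

Source the file and call check_pp_test_api with no argument to audit /etc/xylok.conf; a return status of 2 means the check could not be performed and should not be recorded as a pass.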