fjluce2
Contributor

VMware vSphere 6.7 VAMI-lighttp question

While working through a STIG I came upon an issue with the VAMI-lighttp service.

While looking into the cause, I ran the command "service vami-lighttp status -l" and received as part of the output:

Loaded: loaded (/etc/rc.d/init.d/vami-lighttp: bad; vendor preset: enabled)

What does the "bad" in this line really mean? From my reading it would report that if it was not a native service. So there is some confusion, as it appears that this service should appear as a native service. But I figured it's worth asking the question, as the STIG text would lead me to believe that somehow the file has been modified from what was loaded from VMware. If the system was not isolated from the Internet I could believe it. Was wondering if anyone else had run into this?

 

0 Kudos
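As an added illustration, not part of the post and not VMware or STIG tooling: a POSIX shell function that splits a "Loaded:" line like the one quoted above into load state, unit file path, unit-file state token and vendor preset, and labels the path by the directory it was loaded from. The function name, output format and origin labels are assumptions made for this example, and the second sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): split a systemd "Loaded:" status line.
# Output format and origin labels are assumptions made for this illustration.

# parse_loaded LINE -> "load_state|path|file_state|vendor_preset|origin"
parse_loaded() {
    rest=${1#*"Loaded: "}            # drop indentation and the label
    load_state=${rest%% *}           # e.g. loaded, not-found, masked
    inner=${rest#*"("}               # text inside the parentheses
    inner=${inner%")"*}
    case $inner in
        /*) ;;                       # a unit file path follows
        *)  printf '%s||||none\n' "$load_state"; return 0 ;;
    esac
    preset=
    case $inner in
        *"; vendor preset: "*)
            preset=${inner##*"; vendor preset: "}
            inner=${inner%"; vendor preset: "*} ;;
    esac
    # systemctl separates path and state with "; "; the line quoted in the
    # question shows ": ", so both are accepted.
    case $inner in
        *"; "*) path=${inner%%"; "*}; file_state=${inner#*"; "} ;;
        *": "*) path=${inner%%": "*}; file_state=${inner#*": "} ;;
        *)      path=$inner; file_state= ;;
    esac
    # Classify the unit file by the directory it was loaded from.
    case $path in
        /etc/init.d/*|/etc/rc.d/init.d/*)
            origin=sysv-init-script ;;
        /etc/systemd/system/*|/usr/lib/systemd/system/*|/lib/systemd/system/*)
            origin=native-unit ;;
        *)  origin=other ;;
    esac
    printf '%s|%s|%s|%s|%s\n' "$load_state" "$path" "$file_state" "$preset" "$origin"
}

# The line from the question, then a constructed native-unit line for contrast.
parse_loaded 'Loaded: loaded (/etc/rc.d/init.d/vami-lighttp: bad; vendor preset: enabled)'
parse_loaded '   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)'
```

A path under /etc/rc.d/init.d means systemd is wrapping a SysV init script rather than loading a native unit file, so the state token is worth reading together with the path.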
1 Reply
AgentTV
Contributor

I'm not sure if your last question was answered. I had encountered a similar error when I ran the command "service vami-lighttp restart", because VAMI could not be displayed (i.e. no process listening on port 5480). I also confirmed, using the command "systemctl status vami-lighttp.service", that the vami-lighttp service was not running. The output of this command pointed me to the configuration file /opt/vmware/etc/lighttpd/lighttpd.conf, which reminded me that I recently enabled FIPS to comply with STIG (VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections. (stigviewer.com)). So commenting out the "ssl.cipher-list" line for STIG FIPS resolved my VAMI cannot display problem.

Does anyone know if vCSA 6.7u3p or any later version is compatible with FIPS 140-2?

0 Kudos