Xylok Security Suite must disable nonessential capabilities.

Severity: medium
Group ID: V-269579
Group Title: SRG-APP-000141
Version: XYLK-20-000053
Rule ID: SV-269579r1053512_rule
Date: 2024-12-13
STIG Version: 1
Description
If Xylok has unnecessary functionality enabled, the server may allow arbitrary code to run within the Xylok container. This would allow the user to potentially launch malicious acts against other hosts from inside the Xylok container. The ENABLE_PP_TEST_API setting in the Xylok Security Suite is a configuration flag that enables a specific test API related to the policy processing (PP) functionalities of the suite. It is used primarily in development or testing environments to enable specific testing functionalities.

Satisfies: SRG-APP-000141, SRG-APP-000246, SRG-APP-000247, SRG-APP-000384
ℹ️ Check
Verify that Xylok's default ENABLE_PP_TEST_API status is disabled by using the following command:

    $ grep ENABLE_PP_TEST_API /etc/xylok.conf

If "ENABLE_PP_TEST_API" exists (case insensitive), this is a finding.
✔️ Fix
Revert Xylok to its default configuration, which disables the post-processing test API:

1. As root, open /etc/xylok.conf in a text editor.
2. Delete any ENABLE_PP_TEST_API lines from the configuration file.
3. Restart Xylok to apply settings:

    # systemctl restart xylok
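The check and fix above as shell functions, an added example that is not part of the STIG text or the Xylok product. It matches case-insensitively, as the check wording requires; the function names, the .bak backup file and the sample config keys are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the STIG. Functions take the config path as an
# argument (assumption) so they can be exercised on a copy of /etc/xylok.conf.

# Returns 0 = not a finding, 1 = finding, 2 = file could not be read.
check_pp_test_api() {
    [ -r "$1" ] || { echo "NOT REVIEWED: cannot read $1" >&2; return 2; }
    # -i: the check text counts any letter case; -n: line numbers as evidence.
    if grep -in 'ENABLE_PP_TEST_API' "$1"; then
        echo "FINDING: ENABLE_PP_TEST_API present in $1"
        return 1
    fi
    echo "OK: ENABLE_PP_TEST_API not present in $1"
}

# Fix step 2: delete every line naming the setting. Keeps FILE.bak (assumed name).
remediate_pp_test_api() {
    [ -w "$1" ] || { echo "cannot write $1" >&2; return 2; }
    cp -p "$1" "$1.bak" || return 2
    # grep -v exits 1 when no lines remain, which is still a successful rewrite.
    grep -iv 'ENABLE_PP_TEST_API' "$1.bak" > "$1" || [ $? -eq 1 ] ||
        { cp -p "$1.bak" "$1"; return 2; }
}

# Constructed sample config (keys other than the flag are made up). The
# lower-case line is one a case-sensitive grep would miss.
# Prints: check status before, check status after, lines left in the file.
demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' 'LISTEN_PORT=8443' 'enable_pp_test_api=true' 'LOG_LEVEL=info' > "$tmp"
    before=0; check_pp_test_api "$tmp" >/dev/null || before=$?
    remediate_pp_test_api "$tmp" || return 2
    after=0; check_pp_test_api "$tmp" >/dev/null || after=$?
    remaining=$(wc -l < "$tmp" | tr -d ' ')
    rm -f "$tmp" "$tmp.bak"
    echo "$before $after $remaining"
}
```

After running the remediation against the real file, Xylok still has to be restarted as in step 3 for the change to take effect.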