Check: VRAU-TC-000040
VMware vRealize Automation 7.x tc Server STIG:
VRAU-TC-000040
(in versions v2 r3 through v1 r1)
Title
tc Server VCO must limit the number of times that each TCP connection is kept alive. (Cat II impact)
Discussion
KeepAlive provides long-lived HTTP sessions in which multiple requests are sent over the same TCP connection, and it mitigates the effects of several types of denial-of-service attacks. Its advantage is reduced latency for subsequent requests, since no new connection handshake is needed. Its disadvantage is that the server resources tied to a kept-alive connection are unavailable to other clients for as long as that connection is held open. tc Server can be configured to limit the number of subsequent requests that one client may submit over an established connection. This limit balances the benefits of KeepAlive against the risk of any one client holding a connection for too long. maxKeepAliveRequests is the tc Server <Connector> attribute that sets this limit.
Check Content
Navigate to and open /etc/vco/app-server/server.xml. Navigate to the <Connector> node. If "maxKeepAliveRequests" is missing, or is set to any value other than "15", this is a finding.
Fix Text
Navigate to and open /etc/vco/app-server/server.xml. Navigate to the <Connector> node. Configure the <Connector> node with the value 'maxKeepAliveRequests="15"'.
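The check and fix above are a single attribute test on each <Connector> in server.xml. The following script, an added example that is not part of the STIG or of VMware's tooling, automates both: it reports every <Connector> whose maxKeepAliveRequests is missing or differs from "15", and can rewrite the attribute in place. The file path comes from the check text; the server.xml document embedded below is constructed for illustration and is not a real vRealize Orchestrator configuration.

```python
"""Audit and remediate maxKeepAliveRequests on tc Server <Connector> nodes.

Added example, not DISA's or VMware's code. It assumes the server.xml path
named in the check (/etc/vco/app-server/server.xml). SAMPLE_SERVER_XML is a
constructed document used only to exercise the functions offline.
"""
import xml.etree.ElementTree as ET

REQUIRED_VALUE = "15"              # value mandated by VRAU-TC-000040
ATTR = "maxKeepAliveRequests"
DEFAULT_PATH = "/etc/vco/app-server/server.xml"

# Constructed sample: one compliant connector, one with the attribute missing
# (tc Server then uses its built-in default), one explicitly set to 100.
# Only the first passes the check as written.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8281" protocol="HTTP/1.1" maxKeepAliveRequests="15"/>
    <Connector port="8282" protocol="HTTP/1.1"/>
    <Connector port="8283" protocol="HTTP/1.1" maxKeepAliveRequests="100"/>
  </Service>
</Server>
"""


def audit_connectors(root):
    """Return [(port, observed_value, is_finding), ...] for every <Connector>.

    The STIG check is applied literally: a missing attribute or any value
    other than REQUIRED_VALUE is a finding. Because "-1" means "unlimited"
    on this attribute, it is also correctly reported as a finding.
    """
    results = []
    for conn in root.iter("Connector"):
        value = conn.get(ATTR)         # None when the attribute is absent
        results.append((conn.get("port"), value, value != REQUIRED_VALUE))
    return results


def remediate(root):
    """Apply the Fix Text: set maxKeepAliveRequests="15" on every <Connector>.

    Returns the number of connectors that were changed.
    """
    changed = 0
    for conn in root.iter("Connector"):
        if conn.get(ATTR) != REQUIRED_VALUE:
            conn.set(ATTR, REQUIRED_VALUE)
            changed += 1
    return changed


def audit_string(xml_text):
    """Audit an in-memory server.xml document."""
    return audit_connectors(ET.fromstring(xml_text))


def remediate_string(xml_text):
    """Remediate an in-memory document; returns (changed_count, new_xml_text)."""
    root = ET.fromstring(xml_text)
    changed = remediate(root)
    return changed, ET.tostring(root, encoding="unicode")


def audit_file(path=DEFAULT_PATH):
    """Audit server.xml on disk (the real check); same output as audit_connectors()."""
    return audit_connectors(ET.parse(path).getroot())


def remediate_file(path=DEFAULT_PATH):
    """Fix server.xml on disk; returns the number of connectors changed.

    Back the file up and restart the service afterwards; tc Server reads
    server.xml only at startup.
    """
    tree = ET.parse(path)
    changed = remediate(tree.getroot())
    if changed:
        tree.write(path, encoding="UTF-8", xml_declaration=True)
    return changed


if __name__ == "__main__":
    for port, value, finding in audit_string(SAMPLE_SERVER_XML):
        status = "FINDING" if finding else "ok"
        print(f"Connector port={port}: {ATTR}={value!r} -> {status}")
    changed, fixed_xml = remediate_string(SAMPLE_SERVER_XML)
    clean = not any(f for _, _, f in audit_string(fixed_xml))
    print(f"remediated {changed} connector(s); all connectors compliant: {clean}")
```

Run it as-is to see the audit of the constructed sample; call audit_file() or remediate_file() on the appliance to act on the real server.xml. Note that the check applies to every <Connector> node, so a server.xml with more than one connector must carry the attribute on each of them, and that ElementTree rewrites the file without preserving comments, which is acceptable for server.xml but worth reviewing in the diff before restarting the service.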
Additional Identifiers
Rule ID: SV-240732r879511_rule
Vulnerability ID: V-240732
Group Title: SRG-APP-000001-WSR-000001
CCIs
Number | Definition
---|---
CCI-000054 | Limit the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number.
Controls
Number | Title
---|---
AC-10 | Concurrent Session Control