Check: VCEM-67-000029
VMware vSphere 6.7 EAM Tomcat STIG:
VCEM-67-000029
(in versions v1 r4 through v1 r1)
Title
ESX Agent Manager must be configured with the appropriate ports. (Cat II impact)
Discussion
Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The ports that the ESX Agent Manager listens on are configured in the "catalina.properties" file and must be verified as accurate to their shipping state.
Check Content
At the command prompt, execute the following command: # grep 'bio.http.port' /etc/vmware-eam/catalina.properties Expected result: bio.http.port=15005 If the output of the command does not match the expected result, this is a finding.
Fix Text
Navigate to and open: /etc/vmware-eam/catalina.properties Navigate to the ports specification section. Set the ESX Agent Manager port specifications according to the following: bio.http.port=15005
Additional Identifiers
Rule ID: SV-239400r879756_rule
Vulnerability ID: V-239400
Group Title: SRG-APP-000383-WSR-000175
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001762 |
The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
Controls
Number | Title |
---|---|
CM-7 (1) |
Periodic Review |