Check: VCEM-67-000009
VMware vSphere 6.7 EAM Tomcat STIG: VCEM-67-000009 (in versions v1 r4 through v1 r1)
Title
ESX Agent Manager must only run one webapp. (Cat II impact)
Discussion
VMware ships ESX Agent Managers on the VCSA with one webapp. Any other path is potentially malicious and must be removed.
Check Content
At the command prompt, execute the following command:

# ls -A /usr/lib/vmware-eam/web/webapps

Expected result:

eam

If the output does not match the expected result, this is a finding.
Fix Text
For each unexpected directory returned in the check, run the following command:

# rm /usr/lib/vmware-eam/web/webapps/<NAME>

Restart the service with the following command:

# vmon-cli --restart eam
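The check above can be scripted so that it reports each unexpected entry by name and type instead of relying on a visual comparison of the ls output. The following is an added example, not part of the STIG text; the function name audit_eam_webapps, its return codes and the scratch directory used in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example for VCEM-67-000009 (not STIG text). The default path and the
# expected name come from the check; everything else is illustrative.
EAM_WEBAPPS_DEFAULT=/usr/lib/vmware-eam/web/webapps
EXPECTED_WEBAPP=eam

# Prints one line per deviation.
# Returns 0 = compliant, 1 = finding, 2 = directory could not be inspected.
audit_eam_webapps() {
    dir=${1:-$EAM_WEBAPPS_DEFAULT}
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory" >&2; return 2; }
    finding=0
    found_expected=0
    # The three globs together cover what `ls -A` lists, dot entries included.
    for path in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # An unmatched glob stays literal; -L keeps dangling symlinks visible.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        # Like the STIG check, match on the name only.
        if [ "$name" = "$EXPECTED_WEBAPP" ]; then
            found_expected=1
            continue
        fi
        if [ -L "$path" ]; then kind=symlink
        elif [ -d "$path" ]; then kind=directory
        else kind=file
        fi
        echo "FINDING: unexpected $kind: $name"
        finding=1
    done
    if [ "$found_expected" -eq 0 ]; then
        echo "FINDING: expected webapp '$EXPECTED_WEBAPP' is missing"
        finding=1
    fi
    return "$finding"
}

# Constructed demo: a scratch directory stands in for the webapps path.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/eam" "$demo_dir/.hidden-app"
audit_eam_webapps "$demo_dir" || echo "result: finding"
rm -rf "$demo_dir"
```

On the appliance, calling audit_eam_webapps with no argument inspects the path named in the check.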
Additional Identifiers
Rule ID: SV-239380r879584_rule
Vulnerability ID: V-239380
Group Title: SRG-APP-000131-WSR-000073
CCIs
Number | Definition |
---|---|
CCI-001749 | The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. |
Controls
Number | Title |
---|---|
CM-5 (3) | Signed Components |