Check: VCEM-67-000010
VMware vSphere 6.7 EAM Tomcat STIG:
VCEM-67-000010
(in versions v1 r4 through v1 r1)
Title
ESX Agent Manager must not be configured with unsupported realms. (Cat II impact)
Discussion
ESX Agent Manager performs authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure that ESX Agent Manager remains in its shipping state, the lack of a UserDatabaseRealm configuration must be confirmed.
Check Content
At the command prompt, execute the following command: # grep UserDatabaseRealm /usr/lib/vmware-eam/web/conf/server.xml If the command produces any output, this is a finding.
Fix Text
Navigate to and open: /usr/lib/vmware-eam/web/conf/server.xml Remove the <Realm> node returned in the check.
Additional Identifiers
Rule ID: SV-239381r879587_rule
Vulnerability ID: V-239381
Group Title: SRG-APP-000141-WSR-000015
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |