Check: VCPF-67-000008
VMware vSphere 6.7 Perfcharts Tomcat STIG:
VCPF-67-000008
(in versions v1 r3 through v1 r1)
Title
Performance Charts application files must be verified for their integrity. (Cat II impact)
Discussion
Verifying that the Security Token Service application code is unchanged from its shipping state is essential for file validation and nonrepudiation of Performance Charts. There is no reason that the MD5 hash of the rpm original files should be changed after installation, excluding configuration files.
Check Content
At the command prompt, execute the following command: # rpm -V VMware-perfcharts|grep "^..5......"|grep "/usr/lib"|grep -v -E "\.properties|\.conf|\.xml" If any files are returned, this is a finding.
Fix Text
Reinstall the VCSA or roll back to a snapshot. Modifying the Performance Charts installation files manually is not supported by VMware.
Additional Identifiers
Rule ID: SV-239409r879584_rule
Vulnerability ID: V-239409
Group Title: SRG-APP-000131-WSR-000051
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001749 |
The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. |
Controls
Number | Title |
---|---|
CM-5 (3) |
Signed Components |