Check: VCPF-67-000010
VMware vSphere 6.7 Perfcharts Tomcat STIG:
VCPF-67-000010
(in versions v1 r3 through v1 r1)
Title
Performance Charts must not be configured with unsupported realms. (Cat II impact)
Discussion
Performance Charts performs user authentication at the application level and not through Tomcat. Depending on the VCSA version, Performance Charts may come configured with a "UserDatabaseRealm". This should be removed as part of eliminating unnecessary features.
Check Content
At the command prompt, execute the following command: # grep UserDatabaseRealm /usr/lib/vmware-perfcharts/tc-instance/conf/server.xml If the command produces any output, this is a finding.
Fix Text
Navigate to and open /usr/lib/vmware-perfcharts/tc-instance/conf/server.xml. Remove the <Realm> node returned in the check.
Additional Identifiers
Rule ID: SV-239411r879587_rule
Vulnerability ID: V-239411
Group Title: SRG-APP-000141-WSR-000015
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |