Check: VCST-67-000010
VMware vSphere 6.7 STS Tomcat STIG:
VCST-67-000010
(in versions v1 r3 through v1 r2)
Title
The Security Token Service must not be configured with unused realms. (Cat II impact)
Discussion
The Security Token Service performs user authentication at the application level and not through Tomcat. To eliminate unnecessary features and ensure that the Security Token Service remains in its shipping state, the lack of a "UserDatabaseRealm" configuration must be confirmed.
Check Content
Connect to the PSC, whether external or embedded. At the command prompt, execute the following command: # grep UserDatabase /usr/lib/vmware-sso/vmware-sts/conf/server.xml If the command produces any output, this is a finding.
Fix Text
Connect to the PSC, whether external or embedded. Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/server.xml. Remove the <Realm> nodes returned in the check.
Additional Identifiers
Rule ID: SV-239661r879587_rule
Vulnerability ID: V-239661
Group Title: SRG-APP-000141-WSR-000015
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |