Check: VCST-67-000028
VMware vSphere 6.7 STS Tomcat STIG:
VCST-67-000028
(in versions v1 r3 through v1 r2)
Title
The Security Token Service must be configured with the appropriate ports. (Cat II impact)
Discussion
Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The ports that the Security Token Service listens on are configured in the "catalina.properties" file and must be verified as accurate to their shipping state.
Check Content
Connect to the PSC, whether external or embedded. At the command prompt, execute the following command: # grep 'bio' /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties Expected result: bio-custom.http.port=7080 bio-custom.https.port=8443 bio-ssl-localhost.https.port=7444 If the output of the command does not match the expected result, this is a finding.
Fix Text
Connect to the PSC, whether external or embedded. Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties. Navigate to the ports specification section. Set the Security Token Service port specifications according to the following list: bio-custom.http.port=7080 bio-custom.https.port=8443 bio-ssl-localhost.https.port=7444
Additional Identifiers
Rule ID: SV-239679r879756_rule
Vulnerability ID: V-239679
Group Title: SRG-APP-000383-WSR-000175
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001762 |
The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
Controls
Number | Title |
---|---|
CM-7 (1) |
Periodic Review |