Check: VCST-67-000008
VMware vSphere 6.7 STS Tomcat STIG:
VCST-67-000008
(in versions v1 r3 through v1 r2)
Title
The Security Token Service application files must be verified for their integrity. (Cat II impact)
Discussion
Verifying that the Security Token Service application code is unchanged from its shipping state is essential for file validation and non-repudiation of the Security Token Service. There is no reason for the MD5 hash of the original rpm files to change after installation, excluding configuration files.

Satisfies: SRG-APP-000131-WSR-000051, SRG-APP-000357-WSR-000150
Check Content
Connect to the PSC, whether external or embedded.

At the command prompt, execute the following command:

    # rpm -V vmware-identity-sts|grep "^..5......"|grep -E "\.war|\.jar|\.sh|\.py"

If there is any output, this is a finding.
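The following is an added example, not part of the STIG text: a shell function that classifies `rpm -V` output using the same file filter as the check. It goes beyond the check by also reporting files rpm lists as `missing` or could not read, neither of which the `^..5......` pattern matches. The function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the STIG. Usage on the PSC (assumed):
#   rpm -V vmware-identity-sts | sts_findings
#
# Each rpm -V line starts with nine attribute flags (S M 5 D L U G T P),
# where "." means the test passed and "?" means it could not be performed,
# or with the word "missing". An optional marker ("c" = config file) and
# the file path follow.
sts_findings() {
    awk '
    index($0, "/") == 0 { next }                  # no path on this line
    {
        path = substr($0, index($0, "/"))         # path starts at the first "/"
        if (path !~ /\.war|\.jar|\.sh|\.py/) next # same file filter as the check
        if ($1 == "missing")
            print "MISSING " path                 # not matched by "^..5......"
        else if (length($1) == 9 && substr($1, 3, 1) == "5")
            print "DIGEST " path                  # column 3: digest differs
        else if (length($1) == 9 && substr($1, 3, 1) == "?")
            print "UNREADABLE " path              # digest could not be tested
    }'
}

# Constructed sample of rpm -V output (hypothetical paths, not real STS files).
sample_rpm_v_output() {
    cat <<'EOF'
S.5....T.    /opt/example/sts/lib/example-a.jar
S.5....T.  c /opt/example/sts/conf/server.xml
.......T.    /opt/example/sts/bin/start.sh
missing      /opt/example/sts/webapps/example.war
..?......    /opt/example/sts/bin/helper.py
.M.......    /opt/example/sts/lib/example-b.jar
EOF
}
```

Any `DIGEST` line corresponds to output from the check command and is a finding; `MISSING` and `UNREADABLE` lines are extra signals to investigate.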
Fix Text
Connect to the PSC, whether external or embedded. Reinstall the VCSA or roll back to a snapshot. Modifying the Security Token Service installation files manually is not supported by VMware.
Additional Identifiers
Rule ID: SV-239659r879584_rule
Vulnerability ID: V-239659
Group Title: SRG-APP-000131-WSR-000051
CCIs
Number | Definition |
---|---|
CCI-001749 | The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. |
CCI-001849 | The organization allocates audit record storage capacity in accordance with organization-defined audit record storage requirements. |