Check: VCUI-67-000008
VMware vSphere 6.7 UI Tomcat STIG:
VCUI-67-000008
(in versions v1 r3 through v1 r1)
Title
vSphere UI application files must be verified for their integrity. (Cat II impact)
Discussion
Verifying that the vSphere UI application code is unchanged from its shipping state is essential for file validation and non-repudiation of the vSphere UI. There is no reason that the MD5 hash of the rpm original files should be changed after installation, excluding configuration files.
Check Content
At the command prompt, execute the following command: # rpm -V vsphere-ui|grep "^..5......"|grep -E "\.war|\.jar|\.sh|\.py" If is any output, this is a finding.
Fix Text
Reinstall the VCSA or roll back to a snapshot. Modifying the vSphere UI installation files manually is not supported by VMware.
Additional Identifiers
Rule ID: SV-239689r879584_rule
Vulnerability ID: V-239689
Group Title: SRG-APP-000131-WSR-000051
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001749 |
The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. |
Controls
Number | Title |
---|---|
CM-5 (3) |
Signed Components |