Check: VCUI-67-000031
VMware vSphere 6.7 UI Tomcat STIG:
VCUI-67-000031
(in versions v1 r3 through v1 r1)
Title
vSphere UI must not be configured with the "UserDatabaseRealm" enabled. (Cat II impact)
Discussion
The vSphere UI performs user authentication at the application level and not through Tomcat. By default, there is no configuration for the "UserDatabaseRealm" Tomcat authentication mechanism. To eliminate unnecessary features and ensure that the vSphere UI remains in its shipping state, the lack of a UserDatabaseRealm configuration must be confirmed.
Check Content
At the command prompt, execute the following command:

# grep UserDatabaseRealm /usr/lib/vmware-vsphere-ui/server/conf/server.xml

If the command produces any output, this is a finding.
Fix Text
Navigate to and open /usr/lib/vmware-vsphere-ui/server/conf/server.xml. Remove any and all <Realm> nodes.
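The check and fix above as a scriptable audit. This is an added example, not part of the STIG. The function names, exit codes and sample server.xml contents are assumptions constructed for illustration; only the grep pattern and the default path come from the check text.

```shell
#!/bin/sh
# Added example (not part of the STIG). Default path is from the check text.
CONF_DEFAULT=/usr/lib/vmware-vsphere-ui/server/conf/server.xml

# check_realm [FILE]: 0 = not a finding, 1 = finding, 2 = could not check
check_realm() {
    conf=${1:-$CONF_DEFAULT}
    # grep on an unreadable file prints nothing on stdout, which the
    # "any output is a finding" rule would misread as compliant.
    if [ ! -r "$conf" ]; then
        echo "ERROR: cannot read $conf" >&2
        return 2
    fi
    # Same match as the check text; -n adds line numbers for the fix.
    # Commented-out lines match too, as they do in the manual check.
    if grep -n 'UserDatabaseRealm' "$conf"; then
        return 1
    fi
    return 0
}

# count_realm_lines FILE: number of lines that open a <Realm> element.
# The fix text removes every <Realm> node, not only UserDatabaseRealm.
count_realm_lines() {
    grep -c '<Realm[[:space:]/>]' "$1" || true
}

# Constructed sample files, not copied from a real appliance.
demo_dir=$(mktemp -d)
printf '%s\n' '<Server port="-1">' '  <Service name="Catalina"/>' \
    '</Server>' > "$demo_dir/shipping.xml"
cat > "$demo_dir/realm.xml" <<'EOF'
<Server port="-1">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
    </Engine>
  </Service>
</Server>
EOF
for f in shipping.xml realm.xml missing.xml; do
    rc=0
    check_realm "$demo_dir/$f" || rc=$?
    echo "$f: exit=$rc realm_lines=$(count_realm_lines "$demo_dir/$f" 2>/dev/null)"
done
```

In the constructed realm.xml the grep check matches only the inner node, while the line count also reports the wrapping LockOutRealm element that the fix text removes as well.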
Additional Identifiers
Rule ID: SV-239712r879587_rule
Vulnerability ID: V-239712
Group Title: SRG-APP-000141-WSR-000015
CCIs
Number | Definition |
---|---|
CCI-000381 | The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |