Check: VCUI-67-000028
VMware vSphere 6.7 UI Tomcat STIG: VCUI-67-000028 (in versions v1 r3 through v1 r1)
Title
vSphere UI must be configured with the appropriate ports. (Cat II impact)
Discussion
Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The ports that vSphere UI listens on are configured in the "catalina.properties" file and must be verified as accurate to their shipping state.
Check Content
At the command prompt, execute the following command:

    # grep '.port' /usr/lib/vmware-vsphere-ui/server/conf/catalina.properties

Expected result:

    http.port=5090
    proxy.port=443
    https.port=5443

If the output of the command does not match the expected result, this is a finding.
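A scripted version of this check, as an added example that is not part of the STIG text: it compares the active `*.port` properties in catalina.properties with the shipping values above and lists any drift. The function names `normalized_ports` and `check_ports` are hypothetical, and the script assumes that only keys ending in a literal `.port` matter and that line order and whitespace around `=` do not.

```sh
#!/bin/sh
# Added example: scripted form of the VCUI-67-000028 check (not part of the STIG).
# Expected values are the shipping state listed in the check text.
EXPECTED='http.port=5090
proxy.port=443
https.port=5443'

# normalized_ports FILE
# Print every active "<name>.port" property as name=value, sorted.
# Commented lines never match; whitespace around '=' and a trailing CR are dropped.
normalized_ports() {
    sed -n -e 's/^[[:space:]]*//' \
        -e 's/^\([A-Za-z0-9_.-]*\.port\)[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1=\2/p' \
        "$1" | sort
}

# check_ports FILE
# Returns 0 = not a finding, 1 = finding, 2 = file could not be read.
check_ports() {
    if [ ! -r "$1" ]; then
        echo "VCUI-67-000028: cannot read $1" >&2
        return 2
    fi
    actual=$(normalized_ports "$1")
    expected=$(printf '%s\n' "$EXPECTED" | sort)
    if [ "$actual" = "$expected" ]; then
        echo "VCUI-67-000028: not a finding"
        return 0
    fi
    echo "VCUI-67-000028: FINDING in $1"
    # Expected settings that are absent or carry a different value.
    printf '%s\n' "$expected" | grep -Fxv -e "$actual" | sed 's/^/  expected, not found: /'
    # Extra or changed *.port settings (a repeated key also makes the sets differ).
    if [ -n "$actual" ]; then
        printf '%s\n' "$actual" | grep -Fxv -e "$expected" | sed 's/^/  unexpected: /'
    fi
    return 1
}

# Check the file given as $1; with no argument, run on a constructed sample
# in which https.port has drifted from the shipping value.
if [ "$#" -gt 0 ]; then
    check_ports "$1"
else
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' 'http.port = 5090' 'proxy.port=443' 'https.port=8443' > "$sample"
    check_ports "$sample" || true
    rm -f "$sample"
fi
```

Unlike the `grep '.port'` pattern, where `.` matches any character, the script matches the dot literally, so a key such as `support.level` is ignored rather than reported.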
Fix Text
Navigate to and open /usr/lib/vmware-vsphere-ui/server/conf/catalina.properties. Navigate to the ports specification section. Set the vSphere UI port specifications according to the shipping configuration below:

    http.port=5090
    proxy.port=443
    https.port=5443
Additional Identifiers
Rule ID: SV-239709r879756_rule
Vulnerability ID: V-239709
Group Title: SRG-APP-000383-WSR-000175
CCIs
Number | Definition |
---|---|
CCI-001762 | The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
Controls
Number | Title |
---|---|
CM-7 (1) | Periodic Review |