Check: VCUI-67-000009
VMware vSphere 6.7 UI Tomcat STIG:
VCUI-67-000009
(in versions v1 r3 through v1 r1)
Title
vSphere UI plugins must be authorized before use. (Cat II impact)
Discussion
The vSphere UI ships with a number of plugins out of the box. Any additional plugins may affect the availability and integrity of the system and must be approved and documented by the ISSO before deployment.
Check Content
At the command prompt, execute the following command:

    # diff <(find /usr/lib/vmware-vsphere-ui/plugin-packages/vsphere-client/plugins -type f|sort) <(rpm -ql vsphere-ui|grep "/usr/lib/vmware-vsphere-ui/plugin-packages/vsphere-client/plugins/"|sort)

If there is any output, this indicates a vSphere UI plugin is present that does not ship with the VCSA. If this plugin is not known and approved, this is a finding.
Fix Text
For every unauthorized plugin returned by the check, run the following command:

    # rm <file>
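Added example (not part of the STIG text): a shell function that performs the same find versus rpm -ql comparison as the check, then sorts each difference into approved, unapproved, or missing, so only unapproved files are treated as candidates for the fix. The allowlist file and its format (one absolute path per line, "#" for comments), the function names, and the demo fixture are assumptions made for this example.

```bash
#!/usr/bin/env bash
# On a VCSA, assumed usage (allowlist path is hypothetical):
#   rpm -ql vsphere-ui > /tmp/vsphere-ui.manifest
#   classify_plugins /usr/lib/vmware-vsphere-ui/plugin-packages/vsphere-client/plugins \
#       /tmp/vsphere-ui.manifest /root/approved-plugins.txt

# classify_plugins DIR MANIFEST APPROVED
#   MANIFEST: saved output of `rpm -ql vsphere-ui`
#   APPROVED: hypothetical ISSO allowlist, one absolute path per line, "#" comments
# Exit status 1 means at least one UNAPPROVED file (a finding), 0 means none.
classify_plugins() (
    dir=${1%/}; manifest=$2; approved=$3; rc=0
    export LC_ALL=C                  # same collation for sort and comm
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT

    find "$dir" -type f | sort -u > "$tmp/disk"
    grep -F "$dir/" "$manifest" | sort -u > "$tmp/pkg"
    grep -v '^#' "$approved" | sort -u > "$tmp/ok"

    # On disk but not packaged: the lines the STIG diff prefixes with "<".
    comm -23 "$tmp/disk" "$tmp/pkg" > "$tmp/extra"
    comm -12 "$tmp/extra" "$tmp/ok" | sed 's/^/APPROVED /'
    comm -23 "$tmp/extra" "$tmp/ok" > "$tmp/bad"
    sed 's/^/UNAPPROVED /' "$tmp/bad"
    if [ -s "$tmp/bad" ]; then rc=1; fi

    # Packaged but not on disk: the ">" lines. rpm -ql can list directories
    # as well as files, so entries that exist as directories are skipped.
    comm -13 "$tmp/disk" "$tmp/pkg" | while IFS= read -r p; do
        [ -d "$p" ] || echo "MISSING $p"
    done
    exit "$rc"
)

# Constructed fixture (not real VCSA content) so the function runs offline.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/plugins/sub"
    touch "$d/plugins/shipped.jar" "$d/plugins/extra-ok.jar" "$d/plugins/unknown.jar"
    printf '%s\n' "$d/plugins/shipped.jar" "$d/plugins/sub" "$d/plugins/gone.jar" > "$d/manifest"
    printf '%s\n' "# approved by ISSO" "$d/plugins/extra-ok.jar" > "$d/approved"
    classify_plugins "$d/plugins" "$d/manifest" "$d/approved" | sed "s|$d/plugins/||"
    rm -rf "$d"
}
```

A MISSING line means a shipped plugin file is absent from disk, which the original diff also prints; it is reported separately here because rm does not apply to it.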
Additional Identifiers
Rule ID: SV-239690r879584_rule
Vulnerability ID: V-239690
Group Title: SRG-APP-000131-WSR-000073
CCIs
Number | Definition |
---|---|
CCI-001749 | The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization. |
Controls
Number | Title |
---|---|
CM-5 (3) | Signed Components |