DISA STIG VMware vSphere 7.0 Lookup Service v1r2

Audit Details

Name: DISA STIG VMware vSphere 7.0 Lookup Service v1r2

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 32

File Details

Filename: DISA_STIG_VMware_vSphere_7.0_Lookup_Service_v1r2.audit

Size: 64 kB

MD5: 55788b379700d5d4478127bfd303aacc
SHA256: a6f4c32f8051c8e47087db1396e3bb4e2f1f453470f36add0da15e496dc5df42

Audit Items

Description

Categories
DISA_STIG_VMware_vSphere_7.0_SVC.audit from DISA VMware vSphere 7.0 vCenter Appliance Lookup Service v1r2 STIG
VCLU-70-000001 - Lookup Service must limit the amount of time that each Transport Control Protocol (TCP) connection is kept alive - TCP connection is kept alive.

ACCESS CONTROL

VCLU-70-000002 - Lookup Service must limit the number of concurrent connections permitted.

ACCESS CONTROL

VCLU-70-000003 - Lookup Service must limit the maximum size of a POST request.

ACCESS CONTROL

VCLU-70-000004 - Lookup Service must protect cookies from cross-site scripting (XSS) - XSS.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

VCLU-70-000005 - Lookup Service must record user access in a format that enables monitoring of remote access.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

VCLU-70-000006 - Lookup Service must generate log records for system startup and shutdown.

AUDIT AND ACCOUNTABILITY

VCLU-70-000007 - Lookup Service log files must only be accessible by privileged users.

AUDIT AND ACCOUNTABILITY

VCLU-70-000008 - Lookup Service application files must be verified for their integrity.

CONFIGURATION MANAGEMENT

VCLU-70-000009 - Lookup Service must only run one webapp.

CONFIGURATION MANAGEMENT

VCLU-70-000010 - Lookup Service must not be configured with the 'UserDatabaseRealm' enabled.

CONFIGURATION MANAGEMENT

VCLU-70-000011 - Lookup Service must be configured to limit access to internal packages.

CONFIGURATION MANAGEMENT

VCLU-70-000012 - Lookup Service must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled - MIMEs that invoke operating system shell programs disabled.

CONFIGURATION MANAGEMENT

VCLU-70-000013 - Lookup Service must have mappings set for Java servlet pages.

CONFIGURATION MANAGEMENT

VCLU-70-000014 - Lookup Service must not have the Web Distributed Authoring (WebDAV) servlet installed - WebDAV servlet installed.

CONFIGURATION MANAGEMENT

VCLU-70-000015 - Lookup Service must be configured with memory leak protection.

CONFIGURATION MANAGEMENT

VCLU-70-000016 - Lookup Service must not have any symbolic links in the web content directory tree.

CONFIGURATION MANAGEMENT

VCLU-70-000017 - Lookup Service directory tree must have permissions in an out-of-the-box state - out-of-the box state.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

VCLU-70-000018 - Lookup Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLU-70-000019 - Lookup Service must limit the number of allowed connections.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLU-70-000020 - Lookup Service must set URIEncoding to UTF-8.

SYSTEM AND INFORMATION INTEGRITY

VCLU-70-000021 - Lookup Service must set the welcome-file node to a default web page.

SYSTEM AND INFORMATION INTEGRITY

VCLU-70-000022 - The Lookup Service must not show directory listings.

SYSTEM AND INFORMATION INTEGRITY

VCLU-70-000023 - Lookup Service must be configured to hide the server version.

SYSTEM AND INFORMATION INTEGRITY

VCLU-70-000024 - Lookup Service must be configured to show error pages with minimal information.

SYSTEM AND INFORMATION INTEGRITY

VCLU-70-000025 - Lookup Service must not enable support for TRACE requests.

SYSTEM AND INFORMATION INTEGRITY

VCLU-70-000026 - Lookup Service must have the debug option turned off.

SYSTEM AND INFORMATION INTEGRITY

VCLU-70-000027 - Lookup Service must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.

AUDIT AND ACCOUNTABILITY

VCLU-70-000028 - Lookup Service log files must be offloaded to a central log server in real time.

AUDIT AND ACCOUNTABILITY

VCLU-70-000029 - Lookup Service must be configured with the appropriate ports.

CONFIGURATION MANAGEMENT

VCLU-70-000030 - Lookup Service must disable the shutdown port.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLU-70-000031 - Lookup Service must set the secure flag for cookies.

SYSTEM AND COMMUNICATIONS PROTECTION