DISA STIG VMware vSphere 7.0 Lookup Service v1r2

Audit Details

Name: DISA STIG VMware vSphere 7.0 Lookup Service v1r2

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 32

File Details

Filename: DISA_STIG_VMware_vSphere_7.0_Lookup_Service_v1r2.audit

Size: 64 kB

MD5: 55788b379700d5d4478127bfd303aacc

SHA256: a6f4c32f8051c8e47087db1396e3bb4e2f1f453470f36add0da15e496dc5df42

Audit Items

Description	Categories
DISA_STIG_VMware_vSphere_7.0_SVC.audit from DISA VMware vSphere 7.0 vCenter Appliance Lookup Service v1r2 STIG
VCLU-70-000001 - Lookup Service must limit the amount of time that each Transport Control Protocol (TCP) connection is kept alive - TCP connection is kept alive.	ACCESS CONTROL
VCLU-70-000002 - Lookup Service must limit the number of concurrent connections permitted.	ACCESS CONTROL
VCLU-70-000003 - Lookup Service must limit the maximum size of a POST request.	ACCESS CONTROL
VCLU-70-000004 - Lookup Service must protect cookies from cross-site scripting (XSS) - XSS.	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
VCLU-70-000005 - Lookup Service must record user access in a format that enables monitoring of remote access.	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
VCLU-70-000006 - Lookup Service must generate log records for system startup and shutdown.	AUDIT AND ACCOUNTABILITY
VCLU-70-000007 - Lookup Service log files must only be accessible by privileged users.	AUDIT AND ACCOUNTABILITY
VCLU-70-000008 - Lookup Service application files must be verified for their integrity.	CONFIGURATION MANAGEMENT
VCLU-70-000009 - Lookup Service must only run one webapp.	CONFIGURATION MANAGEMENT
VCLU-70-000010 - Lookup Service must not be configured with the 'UserDatabaseRealm' enabled.	CONFIGURATION MANAGEMENT
VCLU-70-000011 - Lookup Service must be configured to limit access to internal packages.	CONFIGURATION MANAGEMENT
VCLU-70-000012 - Lookup Service must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled - MIMEs that invoke operating system shell programs disabled.	CONFIGURATION MANAGEMENT
VCLU-70-000013 - Lookup Service must have mappings set for Java servlet pages.	CONFIGURATION MANAGEMENT
VCLU-70-000014 - Lookup Service must not have the Web Distributed Authoring (WebDAV) servlet installed - WebDAV servlet installed.	CONFIGURATION MANAGEMENT
VCLU-70-000015 - Lookup Service must be configured with memory leak protection.	CONFIGURATION MANAGEMENT
VCLU-70-000016 - Lookup Service must not have any symbolic links in the web content directory tree.	CONFIGURATION MANAGEMENT
VCLU-70-000017 - Lookup Service directory tree must have permissions in an out-of-the-box state - out-of-the box state.	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
VCLU-70-000018 - Lookup Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.	SYSTEM AND COMMUNICATIONS PROTECTION
VCLU-70-000019 - Lookup Service must limit the number of allowed connections.	SYSTEM AND COMMUNICATIONS PROTECTION
VCLU-70-000020 - Lookup Service must set URIEncoding to UTF-8.	SYSTEM AND INFORMATION INTEGRITY
VCLU-70-000021 - Lookup Service must set the welcome-file node to a default web page.	SYSTEM AND INFORMATION INTEGRITY
VCLU-70-000022 - The Lookup Service must not show directory listings.	SYSTEM AND INFORMATION INTEGRITY
VCLU-70-000023 - Lookup Service must be configured to hide the server version.	SYSTEM AND INFORMATION INTEGRITY
VCLU-70-000024 - Lookup Service must be configured to show error pages with minimal information.	SYSTEM AND INFORMATION INTEGRITY
VCLU-70-000025 - Lookup Service must not enable support for TRACE requests.	SYSTEM AND INFORMATION INTEGRITY
VCLU-70-000026 - Lookup Service must have the debug option turned off.	SYSTEM AND INFORMATION INTEGRITY
VCLU-70-000027 - Lookup Service must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.	AUDIT AND ACCOUNTABILITY
VCLU-70-000028 - Lookup Service log files must be offloaded to a central log server in real time.	AUDIT AND ACCOUNTABILITY
VCLU-70-000029 - Lookup Service must be configured with the appropriate ports.	CONFIGURATION MANAGEMENT
VCLU-70-000030 - Lookup Service must disable the shutdown port.	SYSTEM AND COMMUNICATIONS PROTECTION
VCLU-70-000031 - Lookup Service must set the secure flag for cookies.	SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

DISA STIG VMware vSphere 7.0 Lookup Service v1r2

Audit Details

File Details

Audit Items