VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - http

Information

Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The ports that the Security Token Service listens on are configured in the 'catalina.properties' file and must be verified as accurate to their shipping state.

Solution

Connect to the PSC, whether external or embedded.

Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties.

Navigate to the ports specification section.

Set the Security Token Service port specifications according to the following list:

bio-custom.http.port=7080
bio-custom.https.port=8443
bio-ssl-localhost.https.port=7444

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(1)(b), CAT|II, CCI|CCI-001762, Rule-ID|SV-239679r879756_rule, STIG-ID|VCST-67-000028, Vuln-ID|V-239679

Plugin: Unix

Control ID: 0ed3c9819f699cd9c4dd813f56a9cb853931722f5bb7a6de88114fc322736d81