VCLU-70-000030 - Lookup Service must disable the shutdown port.

Information

An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to the Lookup Service through this port. To ensure availability, the shutdown port must be disabled.

Solution

Navigate to and open:

/usr/lib/vmware-lookupsvc/conf/server.xml

Ensure the server port is set as follows:

<Server port='${base.shutdown.port}'>

Restart the service with the following command:

# vmon-cli --restart lookupsvc

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|II, CCI|CCI-002385, Rule-ID|SV-256735r888796_rule, STIG-ID|VCLU-70-000030, Vuln-ID|V-256735

Plugin: Unix

Control ID: 584ee2c3e80a01efb1b8a7cda3ec46dca2ff7beacebaf2e0910015123b3d184f