VCST-70-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

Information

Determining a safe state for failure and weighing that against a potential denial of service for users depends on what type of application the web server is hosting. For the Security Token Service, it is preferable that the service abort startup on any initialization failure rather than continuing in a degraded, and potentially insecure, state.

Solution

Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties

Add or change the following line:

org.apache.catalina.startup.EXIT_ON_INIT_FAILURE=true

Restart the service with the following command:

# vmon-cli --restart sts

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-24, CAT|II, CCI|CCI-001190, Rule-ID|SV-256762r889256_rule, STIG-ID|VCST-70-000018, Vuln-ID|V-256762

Plugin: Unix

Control ID: aa08c251619e848be4e5db9859456f670fd99893c541cd795ac54418b92851d5