VCST-70-000009 - The Security Token Service must only run one webapp.

Information

VMware ships the Security Token Service on the vCenter Server Appliance (VCSA) with one webapp, in 'ROOT.war'. Any other '.war' file is potentially malicious and must be removed.

Satisfies: SRG-APP-000131-WSR-000073, SRG-APP-000141-WSR-000075

Solution

For each unexpected file returned in the check, run the following command:

# rm /usr/lib/vmware-sso/vmware-sts/webapps/<NAME>.war

Restart the service with the following command:

# vmon-cli --restart sts

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(3), 800-53|CM-7a., CAT|II, CCI|CCI-000381, CCI|CCI-001749, Rule-ID|SV-256753r889229_rule, STIG-ID|VCST-70-000009, Vuln-ID|V-256753

Plugin: Unix

Control ID: beb7ab949704fcb68c139b26dbf8cf2b2c41095cfca6e9aaf3333c76ac2b5c79