The Security Token Service must limit the number of allowed connections.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256763 | SRG-APP-000246-WSR-000149 | VCST-70-000019 | SV-256763r889259_rule | 2023-06-15 | 1 |
Description
Limiting the number of established connections to the Security Token Service is a basic denial-of-service protection. Servers where the limit is too high or unlimited can potentially run out of system resources and negatively affect system availability.
ℹ️ Check
At the command prompt, run the following command:
# xmllint --xpath '/Server/Service/Connector[@port="${bio-custom.http.port}"]/@acceptCount' /usr/lib/vmware-sso/vmware-sts/conf/server.xml
Expected result:
acceptCount="100"
If the output does not match the expected result, this is a finding.
✔️ Fix
Navigate to and open:
/usr/lib/vmware-sso/vmware-sts/conf/server.xml
Navigate to the <Connector> configured with port="${bio-custom.http.port}".
Add or change the following value:
acceptCount="100"
Restart the service with the following command:
# vmon-cli --restart sts