The Security Token Service must limit the number of allowed connections.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256763 | SRG-APP-000246-WSR-000149 | VCST-70-000019 | SV-256763r889259_rule | 2023-06-15 | 1 |
| Description |
|---|
| Limiting the number of established connections to the Security Token Service is a basic denial-of-service protection. Servers where the limit is too high or unlimited can potentially run out of system resources and negatively affect system availability. |
| ℹ️ Check |
|---|
| At the command prompt, run the following command: # xmllint --xpath '/Server/Service/Connector[@port="${bio-custom.http.port}"]/@acceptCount' /usr/lib/vmware-sso/vmware-sts/conf/server.xml Expected result: acceptCount="100" If the output does not match the expected result, this is a finding. |
| ✔️ Fix |
|---|
| Navigate to and open: /usr/lib/vmware-sso/vmware-sts/conf/server.xml Navigate to the <Connector> configured with port="${bio-custom.http.port}". Add or change the following value: acceptCount="100" Restart the service with the following command: # vmon-cli --restart sts |