The Security Token Service must be configured with the appropriate ports.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256771 | SRG-APP-000383-WSR-000175 | VCST-70-000028 | SV-256771r918979_rule | 2023-06-15 | 1 |
Description
Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The ports that the Security Token Service listens on are configured in the "catalina.properties" file and must be verified as accurate to their shipping state.
ℹ️ Check
At the command prompt, run the following command:
# grep 'bio' /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties
Expected result:
bio-custom.http.port=7080
bio-custom.https.port=8443
bio-ssl-clientauth.https.port=3128
bio-ssl-localhost.https.port=7444
If the output of the command does not match the expected result, this is a finding.
Note: Port 3128 will not be shown in the output prior to 7.0 U3i.
✔️ Fix
Navigate to and open:
/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties
Navigate to the ports specification section.
Set the Security Token Service port specifications according to the following list:
bio-custom.http.port=7080
bio-custom.https.port=8443
bio-ssl-clientauth.https.port=3128
bio-ssl-localhost.https.port=7444
Restart the service with the following command:
# vmon-cli --restart sts