The vCenter Perfcharts service must have Autodeploy disabled.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-259095 | SRG-APP-000141-AS-000095 | VCPF-80-000139 | SV-259095r960963_rule | 2024-07-11 | 2 |
Description
Tomcat allows auto-deployment of applications while it is running. This can allow untested or malicious applications to be automatically loaded into production. Autodeploy must be disabled in production.
ℹ️ Check
At the command prompt, run the following command:
# xmllint --xpath "//Host/@autoDeploy" /usr/lib/vmware-perfcharts/tc-instance/conf/server.xml
Expected result:
autoDeploy="false"
If "autoDeploy" does not equal "false", this is a finding.
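The xmllint query above prints only the attribute values it finds, so a `<Host>` that omits `autoDeploy` prints nothing; Tomcat's default for that attribute is true, so this case is a finding as well. The following Python sketch is an added example, not part of the STIG text, that evaluates every `<Host>` node and reports the missing-attribute case explicitly. The function name `audit_autodeploy` and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed server.xml samples for illustration (not copied from an appliance).
COMPLIANT = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Host name="localhost" appBase="webapps" autoDeploy="false"/>
</Engine></Service></Server>"""

MISSING_ATTR = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Host name="localhost" appBase="webapps"/>
</Engine></Service></Server>"""

EXPLICIT_TRUE = """<Server><Service name="Catalina"><Engine name="Catalina">
  <Host name="localhost" appBase="webapps" autoDeploy="true"/>
</Engine></Service></Server>"""


def audit_autodeploy(xml_text):
    """Return (compliant, findings) covering every <Host> in a server.xml document."""
    hosts = list(ET.fromstring(xml_text).iter("Host"))
    findings = []
    if not hosts:
        findings.append("no <Host> element found")
    for host in hosts:
        name = host.get("name", "<unnamed>")
        value = host.get("autoDeploy")
        if value is None:
            # Absent attribute: xmllint prints no value, and Tomcat defaults to true.
            findings.append(f"{name}: autoDeploy not set")
        elif value != "false":
            # The STIG expects the literal value "false".
            findings.append(f'{name}: autoDeploy="{value}"')
    return (not findings, findings)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit a real file, e.g. the server.xml path given in the check.
        with open(sys.argv[1], encoding="utf-8") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"compliant": COMPLIANT, "missing": MISSING_ATTR, "true": EXPLICIT_TRUE}
    failed = False
    for label, text in samples.items():
        ok, findings = audit_autodeploy(text)
        failed |= not ok
        print(label, "OK" if ok else "FINDING: " + "; ".join(findings))
    sys.exit(1 if failed else 0)
```

Passing the server.xml path from the check as the first argument audits that file; the script exits non-zero when any `<Host>` is a finding.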
✔️ Fix
Navigate to and open:
/usr/lib/vmware-perfcharts/tc-instance/conf/server.xml
Navigate to the <Host> node and set the attribute autoDeploy="false".
Restart the service with the following command:
# vmon-cli --restart perfcharts