The vCenter STS service host-manager webapp must be removed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259002 | VCST-80-000155 | SV-259002r934664_rule | Medium |
| Description |
|---|
| Tomcat provides host management functionality through either a default host-manager webapp or through local editing of the configuration files. The host-manager webapp files must be deleted, and administration must be performed through the local editing of the configuration files. |
| STIG | Date |
|---|---|
| VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide | 2023-10-29 |
Details
| Check Text ( C-62742r934662_chk ) |
|---|
| At the command prompt, run the following command: # ls -l /var/opt/apache-tomcat/webapps/host-manager If the manager folder exists or contains any content, this is a finding. |
| Fix Text (F-62651r934663_fix) |
|---|
| At the command prompt, run the following command: # rm -rf /var/opt/apache-tomcat/webapps/host-manager |