UCF STIG Viewer Logo

tc Server VCAC must disable the shutdown port.


Finding ID Version Rule ID IA Controls Severity
V-240864 VRAU-TC-000850 SV-240864r879806_rule Medium
An attacker has at least two reasons to stop a web server. The first is to cause a DoS, and the second is to put in place changes the attacker made to the web server configuration. As a Tomcat derivative, tc Server uses a port (defaults to 8005) as a shutdown port. If enabled, a shutdown signal can be sent to tc Server through this port. To ensure availability, the shutdown port should be disabled.
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide 2023-10-03


Check Text ( C-44097r674334_chk )
At the command prompt, execute the following command:

grep base.shutdown.port /etc/vcac/catalina.properties

If the value of "base.shutdown.port" is not set to "-1" or is missing, this is a finding.
Fix Text (F-44056r674335_fix)
Navigate to and open /etc/vcac/catalina.properties.

Navigate to the "base.shutdown.port" setting.

Add the setting "base.shutdown.port=-1" to the "catalina.properties" file.