tc Server API must be configured with the appropriate ports.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-241715	VROM-TC-000855	SV-241715r879756_rule		Medium

Description
Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The web server must provide the capability to disable or deactivate network-related services that are deemed to be non-essential to the server mission, are too unsecure, or are prohibited by the PPSM CAL and vulnerability assessments. An essential configuration file for tc Server is “catalina.properties”. The ports that tc Server listens to will be configured in that file.

Description

Web servers provide numerous processes, features, and functionalities that utilize TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The web server must provide the capability to disable or deactivate network-related services that are deemed to be non-essential to the server mission, are too unsecure, or are prohibited by the PPSM CAL and vulnerability assessments. An essential configuration file for tc Server is “catalina.properties”. The ports that tc Server listens to will be configured in that file.

STIG	Date
VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide	2023-09-12

Details

Check Text ( C-44991r854936_chk )
At the command prompt, execute the following command: cat /usr/lib/vmware-vcops/tomcat-enterprise/conf/catalina.properties \| grep -E '\.port' Review the listed ports. Verify that they match the list below of tc Server API ports. base.shutdown.port=-1 bio-ssl.https.port=8440 bio.http.port=8081 bio.https.port=8440 jk.port=8010 vmware-ajp13.jk.port=8010 vmware-ajp13.https.port=8440 vmware-ssl.https.port=8440 vmware-ajp13.jk.port=8010 vmware-ajp13.https.port=8440 If the ports are not as listed, this is a finding.

Check Text ( C-44991r854936_chk )

At the command prompt, execute the following command:

cat /usr/lib/vmware-vcops/tomcat-enterprise/conf/catalina.properties | grep -E '\.port'

Review the listed ports.

Verify that they match the list below of tc Server API ports.

base.shutdown.port=-1
bio-ssl.https.port=8440
bio.http.port=8081
bio.https.port=8440
jk.port=8010
vmware-ajp13.jk.port=8010
vmware-ajp13.https.port=8440
vmware-ssl.https.port=8440
vmware-ajp13.jk.port=8010
vmware-ajp13.https.port=8440

If the ports are not as listed, this is a finding.

Fix Text (F-44950r684006_fix)
Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/conf/catalina.properties. Navigate to the ports specification section. Set the tc Server API port specifications according to the list below: base.shutdown.port=-1 bio-ssl.https.port=8440 bio.http.port=8081 bio.https.port=8440 jk.port=8010 vmware-ajp13.jk.port=8010 vmware-ajp13.https.port=8440 vmware-ssl.https.port=8440 vmware-ajp13.jk.port=8010 vmware-ajp13.https.port=8440

Fix Text (F-44950r684006_fix)

Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/conf/catalina.properties.

Navigate to the ports specification section.

Set the tc Server API port specifications according to the list below:

base.shutdown.port=-1
bio-ssl.https.port=8440
bio.http.port=8081
bio.https.port=8440
jk.port=8010
vmware-ajp13.jk.port=8010
vmware-ajp13.https.port=8440
vmware-ssl.https.port=8440
vmware-ajp13.jk.port=8010
vmware-ajp13.https.port=8440