UCF STIG Viewer Logo

ESX Agent Manager must disable the shutdown port.


Finding ID Version Rule ID IA Controls Severity
V-239401 VCEM-67-000030 SV-239401r674697_rule Medium
An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to the ESX Agent Manager through this port. To ensure availability, the shutdown port must be disabled.
VMware vSphere 6.7 EAM Tomcat Security Technical Implementation Guide 2022-06-17


Check Text ( C-42634r674695_chk )
At the command prompt, execute the following command:

# grep 'base.shutdown.port' /etc/vmware-eam/catalina.properties

Expected result:


If the output of the command does not match the expected result, this is a finding.
Fix Text (F-42593r674696_fix)
Open /etc/vmware-eam/catalina.properties in a text editor.

Add or modify the setting "base.shutdown.port=-1" in the "catalina.properties" file.