The Security Token Service application files must be verified for their integrity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239659 | VCST-67-000008 | SV-239659r816702_rule | Medium |
| Description |
|---|
| Verifying that the Security Token Service application code is unchanged from its shipping state is essential for file validation and non-repudiation of the Security Token Service. There is no reason the MD5 hash of the rpm original files should be changed after installation, excluding configuration files. Satisfies: SRG-APP-000131-WSR-000051, SRG-APP-000357-WSR-000150 |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide | 2022-01-03 |
Details
| Check Text ( C-42892r816700_chk ) |
|---|
| Connect to the PSC, whether external or embedded. At the command prompt, execute the following command: # rpm -V vmware-identity-sts|grep "^..5......"|grep -E "\.war|\.jar|\.sh|\.py" If there is any output, this is a finding. |
| Fix Text (F-42851r816701_fix) |
|---|
| Connect to the PSC, whether external or embedded. Reinstall the VCSA or roll back to a snapshot. Modifying the Security Token Service installation files manually is not supported by VMware. |