UCF STIG Viewer Logo

The Security Token Service application files must be verified for their integrity.


Finding ID Version Rule ID IA Controls Severity
V-239659 VCST-67-000008 SV-239659r816702_rule Medium
Verifying that the Security Token Service application code is unchanged from its shipping state is essential for file validation and non-repudiation of the Security Token Service. There is no reason the MD5 hash of the rpm original files should be changed after installation, excluding configuration files. Satisfies: SRG-APP-000131-WSR-000051, SRG-APP-000357-WSR-000150
VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide 2022-01-03


Check Text ( C-42892r816700_chk )
Connect to the PSC, whether external or embedded.

At the command prompt, execute the following command:

# rpm -V vmware-identity-sts|grep "^..5......"|grep -E "\.war|\.jar|\.sh|\.py"

If there is any output, this is a finding.
Fix Text (F-42851r816701_fix)
Connect to the PSC, whether external or embedded.

Reinstall the VCSA or roll back to a snapshot.

Modifying the Security Token Service installation files manually is not supported by VMware.