vSphere Client must be configured with the appropriate ports.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-239769	VCFL-67-000028	SV-239769r679534_rule		Medium

Description
Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. vSphere Client comes configured with two connectors. One is behind the reverse proxy and listening on 9090, and the other is serving SSL natively on 9443. The ports that vSphere Client listens on must be verified as accurate to their shipping state.

Description

Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. vSphere Client comes configured with two connectors. One is behind the reverse proxy and listening on 9090, and the other is serving SSL natively on 9443. The ports that vSphere Client listens on must be verified as accurate to their shipping state.

STIG	Date
VMware vSphere 6.7 Virgo-Client Security Technical Implementation Guide	2021-03-18

Details

Check Text ( C-43002r679532_chk )
At the command prompt, execute the following command: # xmllint --format --xpath '/Server/Service/Connector/@port' /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml Expected result: port="9090" port="9443" If the output does not match the expected result, this is a finding.

Fix Text (F-42961r679533_fix)
Navigate to and open /usr/lib/vmware-vsphere-client/server/configuration/tomcat-server.xml in a text editor. On the first , with redirectPort="9443", configure the port as follows: port="9090" On the second , with SSLEnabled="true", configure the port as follows: port="9443"