UCF STIG Viewer Logo

The vCenter STS service manager webapp must be removed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-259001 VCST-80-000154 SV-259001r960963_rule Medium
Description
Tomcat provides management functionality through either a default manager webapp or through local editing of the configuration files. The manager webapp files must be deleted, and administration must be performed through the local editing of the configuration files.
STIG Date
VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide 2024-07-11

Details

Check Text ( C-62741r934659_chk )
At the command prompt, run the following command:

# ls -l /var/opt/apache-tomcat/webapps/manager

If the manager folder exists or contains any content, this is a finding.
Fix Text (F-62650r934660_fix)
At the command prompt, run the following command:

# rm -rf /var/opt/apache-tomcat/webapps/manager