Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The vCenter UI service shutdown port must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259124 | VCUI-80-000134 | SV-259124r935276_rule | Medium |
| Description |
|---|
| Tomcat by default listens on TCP port 8005 to accept shutdown requests. By connecting to this port and sending the SHUTDOWN command, all applications within Tomcat are halted. The shutdown port is not exposed to the network as it is bound to the loopback interface. Setting the port to "-1" in $CATALINA_BASE/conf/server.xml instructs Tomcat to not listen for the shutdown command. |
| STIG | Date |
|---|---|
| VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide | 2023-10-29 |
Details
| Check Text ( C-62864r935274_chk ) |
|---|
| At the command prompt, run the following commands: # xmllint --xpath "//Server/@port" /usr/lib/vmware-vsphere-ui/server/conf/server.xml # grep shutdown.port /etc/vmware/vmware-vmon/svcCfgfiles/vsphere-ui.json Example results: port="${shutdown.port}" "-Dshutdown.port=-1", If "port" does not equal "${shutdown.port}", this is a finding. If "shutdown.port" does not equal "-1", this is a finding. |
| Fix Text (F-62773r935275_fix) |
|---|
| Navigate to and open: /usr/lib/vmware-vsphere-ui/server/conf/catalina.properties Add or modify the setting "shutdown.port=-1" in the "catalina.properties" file. Navigate to and open: /usr/lib/vmware-vsphere-ui/server/conf/server.xml Configure the port="${shutdown.port}" Restart the service with the following command: # vmon-cli --restart vsphere-ui |