VCEM-67-000011 – ESX Agent Manager must be configured to limit access to internal packages.

Details

The ‘package.access’ entry in the ‘catalina.properties’ file implements access control at the package level. When properly configured, a security exception will be reported if there is an errant or malicious webapp attempt to access the listed internal classes directly or if a new class is defined under the protected packages. The ESX Agent Manager comes preconfigured with the appropriate packages defined in ‘package.access’, and this configuration must be maintained.

Solution

Navigate to and open:

/etc/vmware-eam/catalina.properties

Ensure that the ‘package.access’ line is configured as follows:

package.access=
sun.,
org.apache.catalina.,
org.apache.coyote.,
org.apache.tomcat.,
org.apache.jasper.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-7a.
CAT|II
CCI|CCI-000381
Rule-ID|SV-239382r674640_rule
STIG-ID|VCEM-67-000011
Vuln-ID|V-239382

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles