Details
An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration.
If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to Performance Chart through this port. To ensure availability, the shutdown port must be disabled.
Solution
Navigate to and open /etc/vmware-eam/catalina.properties.
Navigate to the ports specification section.
Add or modify the following line:
base.shutdown.port=-1
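An added example, not part of the original control text or the vendor's tooling: a shell check that reads the properties file named in the Solution and reports whether the effective base.shutdown.port value is -1. The function names are assumptions made for this example, and the check treats the last definition of the key as the effective one, as java.util.Properties does.

```shell
#!/bin/sh
# Added example: audit check for the shutdown-port setting described above.
# Function names are hypothetical. Usage: check_shutdown_port [file]

# Print the effective value of base.shutdown.port in a Java properties file.
# Handles leading whitespace, '=' or ':' separators, comment lines (# or !),
# and duplicate keys (the last definition wins, as with java.util.Properties).
effective_shutdown_port() {
    awk '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        /^[ \t]*base\.shutdown\.port[ \t]*[=:]/ {
            line = $0
            sub(/^[ \t]*base\.shutdown\.port[ \t]*[=:][ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)              # trim trailing blanks / CR
            value = line; found = 1
        }
        END { if (found) print value; else exit 1 }
    ' "$1"
}

# Return 0 if compliant, 1 if the port is enabled or unset, 2 if unreadable.
# The default path is the one given in the Solution.
check_shutdown_port() {
    file=${1:-/etc/vmware-eam/catalina.properties}
    [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 2; }
    if value=$(effective_shutdown_port "$file"); then
        if [ "$value" = "-1" ]; then
            echo "PASS: base.shutdown.port=-1 in $file"; return 0
        fi
        echo "FAIL: base.shutdown.port=$value in $file (expected -1)"; return 1
    fi
    echo "FAIL: base.shutdown.port is not set in $file"; return 1
}
```

A commented-out line or an earlier compliant line followed by a later non-compliant one both report FAIL, which a plain grep for the string would miss.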
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.
References
- 800-53|SC-5
- CAT|II
- CCI|CCI-002385
- Rule-ID|SV-239430r675013_rule
- STIG-ID|VCPF-67-000029
- Vuln-ID|V-239430