Details

Verifying that the Security Token Service application code is unchanged from its shipping state is essential for file validation and non-repudiation of the Security Token Service. There is no reason the MD5 hash of the rpm original files should be changed after installation, excluding configuration files.

Satisfies: SRG-APP-000131-WSR-000051, SRG-APP-000357-WSR-000150

Solution

Reinstall the VCSA or roll back to a snapshot.

Modifying the Security Token Service installation files manually is not supported by VMware.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability, Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|AU-4
• 800-53|CM-5(3)
• CAT|II
• CCI|CCI-001749
• CCI|CCI-001849
• Rule-ID|SV-239659r679049_rule
• STIG-ID|VCST-67-000008
• Vuln-ID|V-239659

Source

• Tenable.com/audits