Details

Determining a safe state for failure and weighing that against a potential denial of service for users depends on what type of application the web server is hosting. For the Security Token Service, it is preferable that the service abort startup on any initialization failure rather than continuing in a degraded and potentially insecure state.

Solution

Navigate to and open /etc/vmware-eam/catalina.properties.

Add or change the following line:

org.apache.catalina.startup.EXIT_ON_INIT_FAILURE=true

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.

References

• 800-53|SC-24
• CAT|II
• CCI|CCI-001190
• Rule-ID|SV-239698r679200_rule
• STIG-ID|VCUI-67-000017
• Vuln-ID|V-239698

Source

• Tenable.com/audits