STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

tc Server API must be configured with the appropriate ports.

DISA Rule

SV-99715r1_rule

Vulnerability Number

V-89065

Group Title

SRG-APP-000383-WSR-000175

Rule Version

VROM-TC-000855

Severity

CAT II

CCI(s)

CCI-001762 - The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure.

Weight

Fix Recommendation

Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/conf/catalina.properties.

Navigate to the ports specification section.

Set the tc Server API port specifications according to the list below:

base.shutdown.port=-1
bio-ssl.https.port=8440
bio.http.port=8081
bio.https.port=8440
jk.port=8010
vmware-ajp13.jk.port=8010
vmware-ajp13.https.port=8440
vmware-ssl.https.port=8440
vmware-ajp13.jk.port=8010
vmware-ajp13.https.port=8440

Check Contents

At the command prompt, execute the following command:

cat /usr/lib/vmware-vcops/tomcat-enterprise/conf/catalina.properties | grep -E '\.port'

Review the listed ports.

Verify that they match the list below of tc Server API ports.

base.shutdown.port=-1
bio-ssl.https.port=8440
bio.http.port=8081
bio.https.port=8440
jk.port=8010
vmware-ajp13.jk.port=8010
vmware-ajp13.https.port=8440
vmware-ssl.https.port=8440
vmware-ajp13.jk.port=8010
vmware-ajp13.https.port=8440

If the ports are not as listed, this is a finding.

tc Server API must be configured with the appropriate ports.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments