STIGQter: STIG Summary:| Checked | Name | Title |
|---|---|---|
| ☐ | SV-239682r679152_rule | vSphere UI must limit the amount of time that each TCP connection is kept alive. |
| ☐ | SV-239683r679155_rule | vSphere UI must limit the number of concurrent connections permitted. |
| ☐ | SV-239684r679158_rule | vSphere UI must limit the maximum size of a POST request. |
| ☐ | SV-239685r679161_rule | vSphere UI must protect cookies from XSS. |
| ☐ | SV-239686r679252_rule | vSphere UI must record user access in a format that enables monitoring of remote access. |
| ☐ | SV-239687r679167_rule | vSphere UI must generate log records for system startup and shutdown. |
| ☐ | SV-239688r679170_rule | vSphere UI log files must only be accessible by privileged users. |
| ☐ | SV-239689r679173_rule | vSphere UI application files must be verified for their integrity. |
| ☐ | SV-239690r679176_rule | vSphere UI plugins must be authorized before use. |
| ☐ | SV-239691r679179_rule | vSphere UI must be configured to limit access to internal packages. |
| ☐ | SV-239692r679182_rule | vSphere UI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. |
| ☐ | SV-239693r679185_rule | vSphere UI must have mappings set for Java servlet pages. |
| ☐ | SV-239694r679188_rule | vSphere UI must not have the Web Distributed Authoring (WebDAV) servlet installed. |
| ☐ | SV-239695r679191_rule | vSphere UI must be configured with memory leak protection. |
| ☐ | SV-239696r679194_rule | vSphere UI must not have any symbolic links in the web content directory tree. |
| ☐ | SV-239697r679197_rule | vSphere UI directory tree must have permissions in an "out-of-the-box" state. |
| ☐ | SV-239698r679200_rule | vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. |
| ☐ | SV-239699r679203_rule | vSphere UI must limit the number of allowed connections. |
| ☐ | SV-239700r679206_rule | vSphere UI must set URIEncoding to UTF-8. |
| ☐ | SV-239701r679209_rule | vSphere UI must set the welcome-file node to a default web page. |
| ☐ | SV-239702r679212_rule | The vSphere UI must not show directory listings. |
| ☐ | SV-239703r679215_rule | vSphere UI must be configured to hide the server version. |
| ☐ | SV-239704r679218_rule | vSphere UI must be configured to show error pages with minimal information. |
| ☐ | SV-239705r679221_rule | vSphere UI must not enable support for TRACE requests. |
| ☐ | SV-239706r679224_rule | vSphere UI must have the debug option turned off. |
| ☐ | SV-239707r679227_rule | vSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. |
| ☐ | SV-239708r679230_rule | vSphere UI log files must be moved to a permanent repository in accordance with site policy. |
| ☐ | SV-239709r679233_rule | vSphere UI must be configured with the appropriate ports. |
| ☐ | SV-239710r679236_rule | vSphere UI must disable the shutdown port. |
| ☐ | SV-239711r679239_rule | vSphere UI must set the secure flag for cookies. |
| ☐ | SV-239712r679242_rule | vSphere UI must not be configured with the "UserDatabaseRealm" enabled. |
| ☐ | SV-239713r679245_rule | vSphere UI must restrict its cookie path. |