DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r2

Audit Details

Name: DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r2

Updated: 6/10/2022

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 36

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_Perfcharts_Tomcat_v1r2.audit

Size: 67.5 kB

MD5: 7ab315b3610d42758d7c96534e2767a6
SHA256: 146f7b7a69dcde1d7d5798856aa4f6f0471dd80abca41f36f6a8952163dbdc19

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_6.7_Perfcharts_Tomcat_v1r2.audit from DISA VMware vSphere 6.7 Perfcharts Tomcat v1r2 STIG
VCPF-67-000001 - Performance Charts must limit the amount of time that each TCP connection is kept alive.

ACCESS CONTROL

VCPF-67-000002 - Performance Charts must limit the number of concurrent connections permitted.

ACCESS CONTROL

VCPF-67-000003 - Performance Charts must limit the maximum size of a POST request.

ACCESS CONTROL

VCPF-67-000004 - Performance Charts must protect cookies from cross-site scripting (XSS).

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-67-000005 - Performance Charts must record user access in a format that enables monitoring of remote access.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

VCPF-67-000006 - Performance Charts must generate log records for system startup and shutdown.

AUDIT AND ACCOUNTABILITY

VCPF-67-000007 - Performance Charts log files must only be modifiable by privileged users.

AUDIT AND ACCOUNTABILITY

VCPF-67-000008 - Performance Charts application files must be verified for their integrity.

CONFIGURATION MANAGEMENT

VCPF-67-000009 - Performance Charts must only run one web app.

CONFIGURATION MANAGEMENT

VCPF-67-000010 - Performance Charts must not be configured with unsupported realms.

CONFIGURATION MANAGEMENT

VCPF-67-000011 - Performance Charts must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.

CONFIGURATION MANAGEMENT

VCPF-67-000012 - Performance Charts must have mappings set for Java servlet pages.

CONFIGURATION MANAGEMENT

VCPF-67-000013 - Performance Charts must not have the Web Distributed Authoring (WebDAV) servlet installed.

CONFIGURATION MANAGEMENT

VCPF-67-000014 - Performance Charts must be configured with memory leak protection.

CONFIGURATION MANAGEMENT

VCPF-67-000015 - Performance Charts must not have any symbolic links in the web content directory tree.

CONFIGURATION MANAGEMENT

VCPF-67-000016 - Performance Charts directory tree must have permissions in an 'out-of-the box' state - out-of-the box state.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-67-000017 - Performance Charts must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-67-000018 - Performance Charts must limit the number of allowed connections.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-67-000019 - Performance Charts must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8.

SYSTEM AND INFORMATION INTEGRITY

VCPF-67-000020 - Performance Charts must use the 'setCharacterEncodingFilter' filter - filter

SYSTEM AND INFORMATION INTEGRITY

VCPF-67-000020 - Performance Charts must use the 'setCharacterEncodingFilter' filter - filter-mapping

SYSTEM AND INFORMATION INTEGRITY

VCPF-67-000021 - Performance Charts must set the welcome-file node to a default web page.

SYSTEM AND INFORMATION INTEGRITY

VCPF-67-000022 - Performance Charts must not show directory listings.

SYSTEM AND INFORMATION INTEGRITY

VCPF-67-000023 - Performance Charts must be configured to show error pages with minimal information.

SYSTEM AND INFORMATION INTEGRITY

VCPF-67-000024 - Performance Charts must not enable support for TRACE requests.

SYSTEM AND INFORMATION INTEGRITY

VCPF-67-000025 - Performance Charts must have the debug option turned off.

SYSTEM AND INFORMATION INTEGRITY

VCPF-67-000026 - Performance Charts must properly configure log sizes and rotation - MaxBackupIndex

AUDIT AND ACCOUNTABILITY

VCPF-67-000026 - Performance Charts must properly configure log sizes and rotation - MaxFileSize

AUDIT AND ACCOUNTABILITY

VCPF-67-000027 - Rsyslog must be configured to monitor and ship Performance Charts log files - localhost_access

AUDIT AND ACCOUNTABILITY

VCPF-67-000027 - Rsyslog must be configured to monitor and ship Performance Charts log files - runtime

AUDIT AND ACCOUNTABILITY

VCPF-67-000028 - Performance Charts must be configured with the appropriate ports - http

CONFIGURATION MANAGEMENT

VCPF-67-000028 - Performance Charts must be configured with the appropriate ports - https

CONFIGURATION MANAGEMENT

VCPF-67-000029 - Performance Charts must disable the shutdown port.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-67-000030 - Performance Charts must set the secure flag for cookies.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-67-000031 - Performance Charts must be configured to limit access to internal packages.

CONFIGURATION MANAGEMENT