DISA STIG VMware vSphere 6.7 STS Tomcat v1r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG VMware vSphere 6.7 STS Tomcat v1r2

Updated: 10/31/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.4

Estimated Item Count: 40

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r2.audit

Size: 71.7 kB

MD5: 95770921cff2bbb27d7c1ed12bb16112
SHA256: 51206631b5618a2bc156fb8f13adbc109dc3e9f9cc9c0a50ab8adcd05cb15c58

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_6.7_STS_Tomcat_v1r2.audit from DISA VMware vSphere 6.7 STS Tomcat v1r2 STIG
VCST-67-000001 - The Security Token Service must limit the amount of time that each TCP connection is kept alive.
VCST-67-000002 - The Security Token Service must limit the number of concurrent connections permitted.
VCST-67-000003 - The Security Token Service must limit the maximum size of a POST request.
VCST-67-000004 - The Security Token Service must protect cookies from XSS.
VCST-67-000005 - The Security Token Service must record user access in a format that enables monitoring of remote access.
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - .handlers
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - bufferSize
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - directory
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - handlers
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - level
VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - prefix
VCST-67-000007 - Security Token Service log files must only be modifiable by privileged users.
VCST-67-000008 - The Security Token Service application files must be verified for their integrity.
VCST-67-000009 - The Security Token Service must only run one web app.
VCST-67-000010 - The Security Token Service must not be configured with unused realms.
VCST-67-000011 - The Security Token Service must be configured to limit access to internal packages.
VCST-67-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
VCST-67-000013 - The Security Token Service must have mappings set for Java servlet pages.
VCST-67-000014 - The Security Token Service must not have the Web Distributed Authoring (WebDAV) servlet installed.
VCST-67-000015 - The Security Token Service must be configured with memory leak protection.
VCST-67-000016 - The Security Token Service must not have any symbolic links in the web content directory tree.
VCST-67-000017 - The Security Token Service directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state.
VCST-67-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
VCST-67-000019 - The Security Token Service must limit the number of allowed connections.
VCST-67-000020 - The Security Token Service must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8.
VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter
VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter-mapping
VCST-67-000022 - The Security Token Service must set the welcome-file node to a default web page.
VCST-67-000023 - The Security Token Service must not show directory listings.
VCST-67-000024 - The Security Token Service must be configured to show error pages with minimal information.
VCST-67-000025 - The Security Token Service must not enable support for TRACE requests.
VCST-67-000026 - The Security Token Service must have the debug option disabled.
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - sts-runtime
VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - vmidentity
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - http
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - https
VCST-67-000028 - The Security Token Service must be configured with the appropriate ports - localhost.https
VCST-67-000029 - The Security Token Service must disable the shutdown port.
VCST-67-000030 - The Security Token Service must set the secure flag for cookies.