VCST-67-000008 - The Security Token Service application files must be verified for their integrity.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Verifying that the Security Token Service application code is unchanged from its shipping state is essential for file validation and non-repudiation of the Security Token Service. There is no reason the MD5 hash of the rpm original files should be changed after installation, excluding configuration files.

Satisfies: SRG-APP-000131-WSR-000051, SRG-APP-000357-WSR-000150

Solution

Reinstall the VCSA or roll back to a snapshot.

Modifying the Security Token Service installation files manually is not supported by VMware.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001749, CCI|CCI-001849, Rule-ID|SV-239659r679049_rule, STIG-ID|VCST-67-000008, Vuln-ID|V-239659

Plugin: Unix

Control ID: 3433eeeab42529ec9ccb22586868af9fc35fe37365fe934b3b1121b6c9560ffb