VCST-67-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Determining a safe state for failure and weighing that against a potential denial of service for users depends on what type of application the web server is hosting. For the Security Token Service, it is preferable that the service abort startup on any initialization failure rather than continuing in a degraded and potentially insecure state.

Solution

Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties.

Add or change the following line:

org.apache.catalina.startup.EXIT_ON_INIT_FAILURE=true

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001190, Rule-ID|SV-239669r679079_rule, STIG-ID|VCST-67-000018, Vuln-ID|V-239669

Plugin: Unix

Control ID: b3f5c0820266060a45484bf02dbee30064e0d76fd6f60799409354be4f47aaf7