Rule ID
SV-256808r889423_rule
Version
V1R2
CCIs
CCI-002385
An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to vSphere UI through this port. To ensure availability, the shutdown port must be disabled.
At the command prompt, run the following commands:
# xmllint --format /usr/lib/vmware-vsphere-ui/server/conf/server.xml | sed '2 s/xmlns=".*"//g' | xmllint --xpath '/Server/@port' -
Expected result:
port="${shutdown.port}"
If the output does not match the expected result, this is a finding.
# grep shutdown /etc/vmware/vmware-vmon/svcCfgfiles/vsphere-ui.json|sed -e 's/^[ ]*//'
Expected result:
"-Dshutdown.port=-1",
If the output does not match the expected result, this is a finding.Navigate to and open:
/usr/lib/vmware-vsphere-ui/server/conf/server.xml
Ensure the server port is disabled:
<Server port="${shutdown.port}">
Restart the service with the following command:
# vmon-cli --restart vsphere-ui