
V-256642

CAT II (Medium)

Performance Charts must disable the shutdown port.

Rule ID

SV-256642r888417_rule

STIG

VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002385

Discussion

An attacker has at least two reasons to stop a web server. The first is to cause a denial of service, and the second is to put in place changes the attacker made to the web server configuration. If the Tomcat shutdown port feature is enabled, a shutdown signal can be sent to Performance Charts through this port. To ensure availability, the shutdown port must be disabled.

Check Content

At the command prompt, run the following command:

# grep base.shutdown.port /usr/lib/vmware-perfcharts/tc-instance/conf/catalina.properties

Expected result:

base.shutdown.port=-1

If the output of the command does not match the expected result, this is a finding.
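
The check above as a script, added here as an example (not part of the STIG or of VMware's tooling). The function name `check_shutdown_port` is an assumption; it uses a fixed-string grep and treats any output other than the single expected line (a different value, a duplicate, a commented copy) as a finding, and reports why.

```shell
#!/bin/sh
# Added example: strict evaluation of the V-256642 check.
# Default path is the one given in the Check Content above.
PROPS_DEFAULT=/usr/lib/vmware-perfcharts/tc-instance/conf/catalina.properties
EXPECTED='base.shutdown.port=-1'

# check_shutdown_port [FILE]
# Prints a status message; returns 0 when compliant, 1 on a finding.
check_shutdown_port() {
    file=${1:-$PROPS_DEFAULT}

    if [ ! -r "$file" ]; then
        echo "FINDING: cannot read $file"
        return 1
    fi

    # Same idea as the manual check: collect every line that mentions the key.
    # "|| true" keeps a no-match grep from aborting callers that use "set -e".
    matches=$(grep -F 'base.shutdown.port' "$file" || true)

    if [ -z "$matches" ]; then
        echo "FINDING: base.shutdown.port is not set"
        return 1
    fi

    if [ "$matches" = "$EXPECTED" ]; then
        echo "PASS: $EXPECTED"
        return 0
    fi

    # Any other output (other value, duplicate entry, commented line,
    # stray whitespace) does not match the expected result.
    echo "FINDING: unexpected output:"
    printf '%s\n' "$matches" | sed 's/^/  /'
    return 1
}
```

Source the file and call `check_shutdown_port` with no argument on the appliance, or pass a path to evaluate a copy of the properties file.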

Fix Text

Navigate to and open:

/etc/vmware-eam/catalina.properties

Navigate to the ports specification section.

Add or modify the following line:

base.shutdown.port=-1

Restart the service with the following command:

# vmon-cli --restart perfcharts