← Back to VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

V-241638

CAT II (Medium)

tc Server ALL must exclude installation of utility programs, services, plug-ins, and modules not necessary for operation.

Rule ID

SV-241638r879587_rule

STIG

VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000381

Discussion

Just as running unneeded services and protocols is a danger to the web server at the lower levels of the OSI model, running unneeded utilities and programs is also a danger at the application layer of the OSI model. Office suites, development tools, and graphical editors are examples of such programs that are troublesome. Because tc Server is installed as part of the entire vROps application, and not installed separately, VMware has ensured that no unnecessary utilities and programs have been included in tc Server.

Check Content

Obtain supporting documentation from the ISSO.

Review the web server documentation and deployed configuration to determine if utility programs, services, plug-ins, and modules not necessary for operation have been removed.

If utility programs, services, plug-ins, and modules not necessary for operation have not been removed, this is a finding.

Fix Text

Document the removal of all utility programs, services, plug-ins, and modules not necessary for operation and ensure the web server configuration does not contain any utility programs, services, plug-ins, and modules not necessary for operation.