STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

V-241721

CAT II (Medium)

tc Server API must disable the shutdown port.

Rule ID

SV-241721r879806_rule

STIG

VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002385

Discussion

An attacker has at least two reasons to stop a web server. The first is to cause a DoS, and the second is to put in place changes the attacker made to the web server configuration. As a Tomcat derivative, tc Server uses a port (defaults to 8005) as a shutdown port. If enabled, a shutdown signal can be sent to tc Server through this port. To ensure availability, the shutdown port should be disabled.

Check Content

At the command prompt, execute the following command:

grep base.shutdown.port /usr/lib/vmware-vcops/tomcat-enterprise/conf/catalina.properties

If the value of "base.shutdown.port" is not set to "-1" or is missing, this is a finding.

Fix Text

Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/conf/catalina.properties.

Navigate to the "base.shutdown.port" setting.

Add the setting 'base.shutdown.port=-1' to the "catalina.properties" file.