The vCenter Lookup service must have Autodeploy disabled.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-259061 | SRG-APP-000141-AS-000095 | VCLU-80-000139 | SV-259061r960963_rule | 2024-07-11 | 2 |
| Description |
|---|
| Tomcat allows auto-deployment of applications while it is running. This can allow untested or malicious applications to be automatically loaded into production. Autodeploy must be disabled in production. |
| ℹ️ Check |
|---|
| At the command prompt, run the following command: # xmllint --xpath "//Host/@autoDeploy" /usr/lib/vmware-lookupsvc/conf/server.xml Expected result: autoDeploy="false" If "autoDeploy" does not equal "false", this is a finding. |
| ✔️ Fix |
|---|
| Navigate to and open: /usr/lib/vmware-lookupsvc/conf/server.xml Navigate to the <Host> node and configure with the value "autoDeploy="false"". Restart the service with the following command: # vmon-cli --restart lookupsvc |