
V-240863

CAT II (Medium)

tc Server VCO must disable the shutdown port.

Rule ID

SV-240863r879806_rule

STIG

VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-002385

Discussion

An attacker has at least two reasons to stop a web server. The first is to cause a DoS, and the second is to put in place changes the attacker made to the web server configuration. As a Tomcat derivative, tc Server uses a port (defaults to 8005) as a shutdown port. If enabled, a shutdown signal can be sent to tc Server through this port. To ensure availability, the shutdown port should be disabled.

Check Content

At the command prompt, execute the following command:

grep shutdown /etc/vco/app-server/server.xml

If the value of "shutdown" is not set to "-1" or is missing, this is a finding.

Fix Text

Navigate to and open /etc/vco/app-server/server.xml.

Navigate to the <Server> node.

Add the attribute 'port="-1"' to the <Server> node in the "server.xml" file.
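
An added example, not part of the STIG or of any VMware tooling: a Python check that parses server.xml and tests the Fix Text's criterion (port="-1" on the <Server> node) rather than matching text with grep, so commented-out lines and a missing attribute are handled. The sample XML is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real system).
DEFAULT_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina"/>
</Server>"""

# Compliant file that still carries the old line inside a comment;
# a plain grep would match the comment as well.
FIXED_XML = """<!-- old value: <Server port="8005" shutdown="SHUTDOWN"> -->
<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina"/>
</Server>"""

# No port attribute at all: the default shutdown port (8005) applies.
MISSING_XML = """<Server shutdown="SHUTDOWN"><Service name="Catalina"/></Server>"""


def check_shutdown_port(xml_text):
    """Return (is_finding, reason) for the <Server> node of a server.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return True, f"server.xml is not well-formed XML: {exc}"
    if root.tag != "Server":
        return True, f"root element is <{root.tag}>, expected <Server>"
    port = root.get("port")
    if port is None:
        return True, "port attribute is missing from <Server>"
    if port != "-1":
        return True, f'shutdown port is enabled (port="{port}")'
    return False, 'shutdown port is disabled (port="-1")'


def check_file(path="/etc/vco/app-server/server.xml"):
    """Run the check against the file named in the Check Content."""
    with open(path, encoding="utf-8") as fh:
        return check_shutdown_port(fh.read())


if __name__ == "__main__":
    samples = [("default", DEFAULT_XML), ("fixed", FIXED_XML),
               ("missing", MISSING_XML)]
    for name, sample in samples:
        finding, reason = check_shutdown_port(sample)
        print(f"{name}: {'FINDING' if finding else 'not a finding'} - {reason}")
```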