The Security Token Service must limit the number of allowed connections.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-256763 | VCST-70-000019 | SV-256763r889259_rule | Medium |
| Description |
|---|
| Limiting the number of established connections to the Security Token Service is a basic denial-of-service protection. Servers where the limit is too high or unlimited can potentially run out of system resources and negatively affect system availability. |
| STIG | Date |
|---|---|
| VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide | 2023-06-15 |
Details
| Check Text ( C-60438r889257_chk ) |
|---|
| At the command prompt, run the following command: # xmllint --xpath '/Server/Service/Connector[@port="${bio-custom.http.port}"]/@acceptCount' /usr/lib/vmware-sso/vmware-sts/conf/server.xml Expected result: acceptCount="100" If the output does not match the expected result, this is a finding. |
| Fix Text (F-60381r889258_fix) |
|---|
| Navigate to and open: /usr/lib/vmware-sso/vmware-sts/conf/server.xml Navigate to the Add or change the following value: acceptCount="100" Restart the service with the following command: # vmon-cli --restart sts |