The Security Token Service must limit the number of allowed connections.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-256763 | VCST-70-000019 | SV-256763r889259_rule | CCI-001094 | medium |
| Description | ||||
| Limiting the number of established connections to the Security Token Service is a basic denial-of-service protection. Servers where the limit is too high or unlimited can potentially run out of system resources and negatively affect system availability. | ||||
| STIG | Date | |||
| VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide | 2023-06-15 | |||
Details
Check Text (C-256763r889259_chk)
At the command prompt, run the following command:
# xmllint --xpath '/Server/Service/Connector[@port="${bio-custom.http.port}"]/@acceptCount' /usr/lib/vmware-sso/vmware-sts/conf/server.xml
Expected result:
acceptCount="100"
If the output does not match the expected result, this is a finding.
Fix Text (F-60381r889258_fix)
Navigate to and open:
/usr/lib/vmware-sso/vmware-sts/conf/server.xml
Navigate to the <Connector> configured with port="${bio-custom.http.port}".
Add or change the following value:
acceptCount="100"
Restart the service with the following command:
# vmon-cli --restart sts