VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- Performance Charts must protect cookies from cross-site scripting (XSS).
  Cookies are a common way to save session state over the HTTP(S) protocol. If an attacker can compromise session data stored in a cookie, they are better able to launch an attack against the server ...
  Rule Medium Severity
- Performance Charts log files must only be modifiable by privileged users.
  Log data is essential in the investigation of events. The accuracy of the information is always pertinent. One of the first steps an attacker will undertake is the modification or deletion of log r...
  Rule Medium Severity
- Performance Charts application files must be verified for their integrity.
  Verifying the Security Token Service application code is unchanged from its shipping state is essential for file validation and nonrepudiation of Performance Charts. There is no reason the MD5 hash...
  Rule Medium Severity
- Performance Charts must not have the Web Distributed Authoring (WebDAV) servlet installed.
  WebDAV is an extension to the HTTP protocol that, when developed, was meant to allow users to create, change, and move documents on a server, typically a web server or web share. WebDAV is not wide...
  Rule Medium Severity
- Performance Charts must limit the number of allowed connections.
  Limiting the number of established connections to Performance Charts is a basic denial-of-service protection. Servers where the limit is too high or unlimited could run out of system resources and ...
  Rule Medium Severity
- Performance Charts must be configured to show error pages with minimal information.
  Web servers will often display error messages to client users, including enough information to aid in the debugging of the error. The information given back in error messages may display the web se...
  Rule Medium Severity
- Performance Charts must properly configure log sizes and rotation.
  To ensure the logging mechanism used by the web server has sufficient storage capacity in which to write the logs, the logging mechanism must be able to allocate log record storage capacity. Perfor...
  Rule Medium Severity
- Performance Charts default servlet must be set to "readonly".
  The default servlet (or DefaultServlet) is a special servlet provided with Tomcat that is called when no other suitable page is found in a particular folder. The DefaultServlet serves static resour...
  Rule Medium Severity