Lookup Service must not be configured with the "UserDatabaseRealm" enabled.

An XCCDF Rule

Description

<VulnDiscussion>The Lookup Service performs user authentication at the application level and not through Tomcat. By default, there is no configuration for the "UserDatabaseRealm" Tomcat authentication mechanism. As part of eliminating unnecessary features and to ensure the Lookup Service remains in its shipping state, the lack of a "UserDatabaseRealm" configuration must be confirmed.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256715r888736_rule
Severity: Medium
References: CCI-000381
Updated: 8 months ago

Navigate to and open:

/usr/lib/vmware-lookupsvc/conf/server.xml

Remove all <Realm> nodes.
Restart the service with the following command:

# vmon-cli --restart lookupsvc

Lookup Service must not be configured with the "UserDatabaseRealm" enabled.

Description

Remediation - Manual Procedure