The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

An XCCDF Rule

Description

<VulnDiscussion>Determining a safe state for failure and weighing that against a potential denial of service for users depends on what type of application the web server is hosting. For the Security Token Service, it is preferable that the service abort startup on any initialization failure rather than continuing in a degraded, and potentially insecure, state.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256762r889256_rule
Severity: Medium
References: CCI-001190
Updated: 8 months ago

Navigate to and open: 
 
/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties 
 
Add or change the following line: 
 org.apache.catalina.startup.EXIT_ON_INIT_FAILURE=true 
 
Restart the service with the following command: 
 
# vmon-cli --restart sts

The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

Description

Remediation - Manual Procedure