In vRealize Log Insight 4.8 the vami-sfcb service has been enabled. This service enabled port 5489 which listens on SSL2 and SSL3 protocols. Some security scanners will alert on this port as a security vulnerability.
The vami-sfcb service is part of a CIM daemon that responds to CIM client requests, which is not needed on vRealize Log Insight and can be safely disabled without affecting vRealize Log Insight.
Environment
VMware vRealize Log Insight 4.8.x
Resolution
The vami-sfcb service can be safely disabled. To do so:
Log into the vRealize Log Insight Primary node as root via SSH or Console.
Run the following command to stop the vami-sfcb service:
service vami-sfcb stop
Run the following command to disable vami-sfcb from restarting on boot:
chkconfig vami-sfcb off
Repeat steps 1-3 on all other nodes in the vRealize Log Insight cluster.