IBM z/OS UNIX Telnet Server warning banner must be properly specified.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-223642 | ACF2-UT-000040 | SV-223642r958586_rule | Medium |
| Description |
|---|
| Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist. |
| STIG | Date |
|---|---|
| IBM z/OS ACF2 Security Technical Implementation Guide | 2024-06-24 |
Details
| Check Text ( C-25315r953872_chk ) |
|---|
| From the ISPF Command Shell enter: ISHELL Enter /etc/ for a pathname; a CD /etc/ may need to be issued. select FILE NAME inetd.conf If Option -D login is included on the otelnetd command, this is not a finding. If Option -c 900 is included on the otelnetd command, this is not a finding. NOTE: "900" indicates a session timeout value of "15" minutes and is currently the maximum value allowed. |
| Fix Text (F-25303r953873_fix) |
|---|
| Configure the startup parameters in the inetd.conf file for otelnetd to conform to the specifications below. The otelnetd startup command includes the options -D login and -c 900, where: -D login indicates that messages should be written to the syslogd facility for login and logout activity. -c 900 indicates that the Telnet session should be terminated after "15" minutes of inactivity. NOTE: "900" is the maximum value; any value between "1" and "900" is acceptable. |