UCF STIG Viewer Logo

The IBM z/OS startup user account for the z/OS UNIX Telnet Server must be properly defined.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223864 RACF-UT-000010 SV-223864r604139_rule Medium
Description
The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TN3270 Telnet Server. Several of these parameters have potential impact to system security. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.
STIG Date
IBM z/OS RACF Security Technical Implementation Guide 2021-01-05

Details

Check Text ( C-25537r515280_chk )
From the ISPF Command Shell enter:
omvs
cd /etc
cat inetd.conf

If the otelnetd command specifies any user other than OMVS or OMVSKERN, this is a finding.
Fix Text (F-25525r515281_fix)
The user account used at the startup of otelnetd is specified in the inetd configuration file. This account is used to perform the identification and authentication of the user requesting the session. Because the account is only used until user authentication is completed, there is no need for a unique account for this function. The z/OS UNIX kernel account can be used.