Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IBM z/OS startup user account for the z/OS UNIX Telnet Server must be properly defined.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-223864 | RACF-UT-000010 | SV-223864r604139_rule | Medium |
| Description |
|---|
| The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TN3270 Telnet Server. Several of these parameters have potential impact to system security. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services. |
| STIG | Date |
|---|---|
| IBM z/OS RACF Security Technical Implementation Guide | 2023-06-13 |
Details
| Check Text ( C-25537r515280_chk ) |
|---|
| From the ISPF Command Shell enter: omvs cd /etc cat inetd.conf If the otelnetd command specifies any user other than OMVS or OMVSKERN, this is a finding. |
| Fix Text (F-25525r515281_fix) |
|---|
| The user account used at the startup of otelnetd is specified in the inetd configuration file. This account is used to perform the identification and authentication of the user requesting the session. Because the account is only used until user authentication is completed, there is no need for a unique account for this function. The z/OS UNIX kernel account can be used. |