UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

FTP.DATA configuration statements for the FTP Server are not specified in accordance with requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3235 IFTP0030 SV-3235r2_rule DCCS-1 DCCS-2 Medium
Description
The statements in the FTP.DATA configuration file specify the parameters and values that control the operation of the FTP Server components including the use of anonymous FTP. Several of the parameters must have specific settings to provide a secure configuration. Inappropriate values could result in undesirable operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.
STIG Date
z/OS ACF2 STIG 2016-01-04

Details

Check Text ( C-20016r1_chk )
a) Refer to the Data configuration file specified on the SYSFTPD DD statement in the FTP started task JCL.

Automated Analysis
Refer to the following report produced by the IBM Communications Server Data Collection:

- PDI(IFTP0030)

b) Ensure the following items are in effect for the configuration statements specified in the FTP Data configuration file:

1) The ANONYMOUS statement is not coded (does not exist) or, if it does exist, it is commented out.

NOTE: Other statements prefixed with ANONYMOUS may be present. These statements indicate the level of anonymous support and applicable restrictions if anonymous support is enabled using the ANONYMOUS statement. These other ANONYMOUS-prefixed statements may be ignored.

2) The INACTIVE statement is coded with a value between 1 and 900 (seconds).

NOTES: 900 indicates a session timeout value of 15 minutes.
0 disables the inactivity timer check.

3) The UMASK statement is coded with a value of 077.

4) The BANNER statement is coded.

c) If all of the above are true, there is NO FINDING.

d) If any of the above is untrue, this is a FINDING.

FTP.DATA CONFIGURATION STATEMENTS
STATEMENT NOT CODED,
CODED WITHOUT VALUE,
OR PARAMETER VALUE
ANONYMOUS [Not Coded]
BANNER [An HFS file, e.g., /etc/ftp.banner]
INACTIVE [A value between 1 and 900 ]
UMASK 077
Fix Text (F-18159r1_fix)
Review the configuration statements in the FTP.DATA file and ensure they conform to the specifications in the

FTP.DATA CONFIGURATION STATEMENTS below:

STATEMENT NOT CODED,
CODED WITHOUT VALUE,
OR PARAMETER VALUE

ANONYMOUS [Not Coded]

BANNER [An HFS file, e.g., /etc/ftp.banner]

INACTIVE [A value between 1 and 900 ]

UMASK 077 [See Note 1]

NOTE: If the FTP Server requires a UMASK value less restrictive than 077, requirements should be justified and documented with the IAO.