← Back to IBM z/OS RACF Security Technical Implementation Guide

V-223864

CAT II (Medium)

The IBM z/OS startup user account for the z/OS UNIX Telnet Server must be properly defined.

Rule ID

SV-223864r1137691_rule

STIG

IBM z/OS RACF Security Technical Implementation Guide

Version

V9R8

CCIs

CCI-000213

Discussion

The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TN3270 Telnet Server. Several of these parameters have potential impact to system security. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.

Check Content

From the ISPF Command Shell enter:
omvs
cd /etc
cat inetd.conf

If the otelnetd command specifies any user other than OMVS or OMVSKERN, this is a finding.

Fix Text

The user account used at the startup of otelnetd is specified in the inetd configuration file. This account is used to perform the identification and authentication of the user requesting the session. Because the account is only used until user authentication is completed, there is no need for a unique account for this function. The z/OS UNIX kernel account can be used.