STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM z/OS ACF2 Security Technical Implementation Guide

V-223592

CAT II (Medium)

IBM z/OS Syslog daemon must be properly defined and secured.

Rule ID

SV-223592r1196248_rule

STIG

IBM z/OS ACF2 Security Technical Implementation Guide

Version

V9R8

CCIs

CCI-000764

Discussion

The Syslog daemon, known as syslogd, is a z/OS Unix daemon that provides a central processing point for log messages issued by other z/OS Unix processes. It is also possible to receive log messages from other network-connected hosts. Some of the IBM Communications Server components that may send messages to Syslog are the FTP, z/OS Unix Telnet, DNS, and DHCP servers. The messages may be of varying importance and may include general process information, diagnostic information, critical error notification, and audit-class information. There is a security interest in protecting the syslogd process and its associated data because of the potential to use this information in an audit process. The Syslog daemon requires special privileges and access to sensitive resources to provide its system services. Failure to properly define and control the Syslog daemon could lead to unauthorized access. This exposure may result in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.

Check Content

The Syslog daemon is defined as SYSLOGD.

From the ACF command screen enter:
SET LID
LIST SYSLOGD

If the Syslog daemon is not defined, this is a finding.

If the SYSLOGD logonid is not defined with the STC attribute, this is a finding.

If the SYSLOGD userid has UID(0), HOME('/'), and PROGRAM('/bin/sh') specified in the OMVS segment, this is not a finding. 

If Syslog daemon is started from /etc/rc then ensure that the _BPX_JOBNAME and _BPX_USERID environment variables are assigned a value of SYSLOGD.

Fix Text

Define the Syslog daemon logonid as SYSLOGD with the STC attribute.

To set up and use as an MVS Started Proc, the following sample commands are provided:
SET LID
INSERT SYSLOGD NAME(SYSLOGD STC) GROUP(stctcpx) STC

The SYSLOGD userid has UID(0), HOME('/'), and PROGRAM('/bin/sh') specified in the OMVS segment.

SET PROFILE(USER) DIVISION(OMVS)
INSERT SYSLOGD UID(0) HOME(/) PROGRAM(/bin/sh)

F ACF2,REBUILD(USR),CLASS(P)

If /etc/rc is used to start the Syslog daemon ensure that the _BPX_JOBNAME and _BPX_ USERID environment variables are assigned a value of SYSLOGD.