Check: ACF2-UT-000050
IBM z/OS ACF2 STIG:
ACF2-UT-000050
(in versions v8 r14 through v7 r1)
Title
IBM z/OS UNIX Telnet Server Startup parameters must be properly specified to display the banner. (Cat II impact)
Discussion
Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.
Check Content
From the ISPF Command Shell enter: OMVS CD /etc cat inetd.config If "-h" is included on the otelnetd statement, this is a finding. ("-h" indicates that a banner will not be displayed.)
Fix Text
Configure the otelnetd startup command in the inetd.conf file to not include "-h".
Additional Identifiers
Rule ID: SV-223643r864509_rule
Vulnerability ID: V-223643
Group Title: SRG-OS-000228-GPOS-00088
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 |
Implement the security configuration settings. |
| CCI-001384 |
For publicly accessible systems, display system use information with organization-defined conditions before granting further access to the publicly accessible system. |
| CCI-001385 |
For publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
| CCI-001386 |
For publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
| CCI-001387 |
For publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities. |
| CCI-001388 |
For publicly accessible systems, includes a description of the authorized uses of the system. |