Title

IBM z/OS UNIX Telnet Server warning banner must be properly specified. (Cat II impact)

Discussion

Display of a standardized and approved use notification before granting access to the publicly accessible operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via logon interfaces with human users and are not required when such human interfaces do not exist.

Check Content

From the ISPF Command Shell enter: ISHELL Enter /etc/ for a pathname; a CD /etc/ may need to be issued. select FILE NAME inetd.conf If Option -D login is included on the otelnetd command, this is not a finding. If Option -c 900 is included on the otelnetd command, this is not a finding. NOTE: "900" indicates a session timeout value of "15" minutes and is currently the maximum value allowed.

Fix Text

Configure the startup parameters in the inetd.conf file for otelnetd to conform to the specifications below. The otelnetd startup command includes the options -D login and -c 900, where: -D login indicates that messages should be written to the syslogd facility for login and logout activity. -c 900 indicates that the Telnet session should be terminated after "15" minutes of inactivity. NOTE: "900" is the maximum value; any value between "1" and "900" is acceptable.

Additional Identifiers

Rule ID: SV-223642r953874_rule

Vulnerability ID: V-223642

Group Title: SRG-OS-000228-GPOS-00088

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.