Check: RACF-UT-000010
IBM z/OS RACF STIG: RACF-UT-000010 (in versions v8 r14 through v7 r1)
Title
The IBM z/OS startup user account for the z/OS UNIX Telnet Server must be properly defined. (Cat II impact)
Discussion
The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TN3270 Telnet Server. Several of these parameters can affect system security. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.
Check Content
From the ISPF Command Shell enter:

    omvs
    cd /etc
    cat inetd.conf

If the otelnetd command specifies any user other than OMVS or OMVSKERN, this is a finding.
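The check above as a script, added here as an example and not part of the STIG text: it reads inetd.conf in the standard inetd field layout (user in field 5, server program in field 6) and flags any active otelnetd entry whose user is not OMVS or OMVSKERN. The function name check_otelnetd_user, the case-insensitive comparison of the user ID and the sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the startup user of otelnetd entries in inetd.conf.
# Assumed field layout: service socket-type protocol wait-flag user program args...

check_otelnetd_user() {
    # $1 = path to the inetd configuration file (default /etc/inetd.conf).
    # Prints one line per active otelnetd entry; returns 1 if any is a finding.
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # commented-out and blank lines are inactive
        NF < 6 { next }                  # too few fields to name a server program
        {
            prog = $6
            sub(/.*\//, "", prog)        # basename of the server program path
            if (prog != "otelnetd") next
            seen = 1
            user = toupper($5)           # assumption: user IDs compare case-insensitively
            if (user == "OMVS" || user == "OMVSKERN") {
                printf "OK line %d: otelnetd starts as %s\n", NR, $5
            } else {
                printf "FINDING line %d: otelnetd starts as %s\n", NR, $5
                bad = 1
            }
        }
        END {
            if (!seen) print "NOTE: no active otelnetd entry found"
            exit (bad ? 1 : 0)
        }
    ' "${1:-/etc/inetd.conf}"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# service type   proto wait   user     program           args
otelnet   stream tcp   nowait OMVSKERN /usr/sbin/otelnetd otelnetd -l -m
shell     stream tcp   nowait OMVSKERN /usr/sbin/orshd    orshd -LV
EOF

if check_otelnetd_user "$sample"; then
    echo "RACF-UT-000010: not a finding"
else
    echo "RACF-UT-000010: finding"
fi
```
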
Fix Text
The user account used at the startup of otelnetd is specified in the inetd configuration file. This account is used to perform the identification and authentication of the user requesting the session. Because the account is only used until user authentication is completed, there is no need for a unique account for this function. The z/OS UNIX kernel account can be used.
Additional Identifiers
Rule ID: SV-223864r604139_rule
Vulnerability ID: V-223864
Group Title: SRG-OS-000080-GPOS-00048
CCIs
Number | Definition |
---|---|
CCI-000213 | The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
Number | Title |
---|---|
AC-3 | Access Enforcement |