Check: ZUSS0011
zOS ACF2 STIG: ZUSS0011 (in versions v6 r43 through v6 r30)
Title
z/OS UNIX OMVS parameters in PARMLIB are not properly specified. (Cat II impact)
Discussion
Parameter settings in PARMLIB and /etc specify values for z/OS UNIX security controls. The parameters impact HFS data access and operating system services. Undesirable values can allow users to gain inappropriate privileges that could impact data integrity or the availability of some system services.
Check Content
a) Refer to the following report produced by the z/OS Data Collection:

- EXAM.RPT(PARMLIB) - Refer to the IEASYSxx listing(s).

Automated Analysis
Refer to the following report produced by the z/OS Data Collection:

- PDI (ZUSS0011)

NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.

b) If the parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member, there is NO FINDING.

c) If the parameter is not specified as OMVS=xx or OMVS=(xx,xx,…), this is a FINDING.
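The following Python sketch applies steps b) and c) to the text of one IEASYSxx listing. It is an added example, not part of the STIG or of the z/OS Data Collection tooling. It assumes simplified IEASYSxx syntax: data in columns 1 through 71, an asterisk in column 1 marks a comment line, text after the first blank is a comment, the first line that does not end in a comma ends the member, and a suffix is two characters. The names `effective_parms` and `check_zuss0011` are hypothetical.

```python
import re

# Assumption: a suffix is two characters (alphanumeric or national @ # $).
SUFFIX = r"[A-Z0-9@#$]{2}"
OMVS_RE = re.compile(
    rf"(?:^|,)OMVS=({SUFFIX}|\({SUFFIX}(?:,{SUFFIX})*\))(?=,|$)")


def effective_parms(member_text):
    """Join the active parameter data of one IEASYSxx listing into one string."""
    parts = []
    for line in member_text.splitlines():
        if line.startswith("*"):          # comment line (asterisk in column 1)
            continue
        fields = line[:71].split()        # columns 72-80 are ignored
        if not fields:
            continue
        data = fields[0]                  # text after the first blank is a comment
        parts.append(data)
        if not data.endswith(","):        # no trailing comma: end of member
            break
    return "".join(parts)


def check_zuss0011(member_text):
    """Return (status, detail) following steps b) and c) of the check."""
    parms = effective_parms(member_text)
    match = OMVS_RE.search(parms)
    if match:
        return "NO FINDING", "OMVS=" + match.group(1)
    if re.search(r"(?:^|,)OMVS=", parms):
        return "FINDING", "OMVS is present but not in OMVS=xx or OMVS=(xx,xx,...) form"
    return "FINDING", "OMVS not specified; OMVS=DEFAULT is used"


# Constructed sample listings, not taken from a real system.
GOOD = "CLOCK=00,\nCMD=(00,01),            COMMANDS\nOMVS=(00,ZZ),\nSSN=00\n"
MISSING = "CLOCK=00,\nSSN=00\nOMVS=00\n"   # OMVS sits after the last active line
DEFAULT = "CLOCK=00,\nOMVS=DEFAULT,\nSSN=00\n"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("MISSING", MISSING), ("DEFAULT", DEFAULT)):
        print(name, *check_zuss0011(text))
```

The `MISSING` sample shows why a plain text search for `OMVS=` is not enough: under the assumed syntax the statement appears in the listing but sits after the line that ends the member, so it is not in effect.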
Fix Text
Review the settings in PARMLIB and /etc for z/OS UNIX security parameters and ensure that the values conform to the specifications below:

The parameter is specified as OMVS=xx or OMVS=(xx,xx,…) in the IEASYSxx member.

NOTE: If the OMVS statement is not specified, OMVS=DEFAULT is used. In minimum mode there is no access to permanent file systems or to the shell, and IBM’s Communication Server TCP/IP will not run.
Additional Identifiers
Rule ID: SV-7245r2_rule
Vulnerability ID: V-6944
Group Title: ZUSS0011
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |