Check: AAMV0350
zOS RACF STIG:
AAMV0350
(in versions v6 r43 through v6 r30)
Title
Non-existent or inaccessible LINKLIST libraries. (Cat III impact)
Discussion
LINKLIST libraries give a common access point for the general usage of modules. Many of the subsystems installed on a domain rely upon these modules for proper execution. If the list of libraries found in this LINKLIST is not properly maintained, the integrity of the operating environment is subject to compromise.
Check Content
a) Refer to the following report produced by the z/OS Data Collection: - PARMLIB.ACCESS(LNKLSTxx) NOTE: The LNKLSTxx reports are only produced if inaccessible libraries exist. The report names represent the actual SYS1.PARMLIB members where inaccessible libraries are found. If these reports do not exist, there is NO FINDING. Automated Analysis Refer to the following report produced by the z/OS Data Collection: - PDI(AAMV0350) b) If no inaccessible LINKLIST libraries exist, there is NO FINDING. c) If any inaccessible LINKLIST library exists, this is a FINDING.
Fix Text
The systems programmer will ensure that only existing libraries are specified in the Linklist list of libraries. Review all entries contained in the LINKLIST for the actual existence of each library. Develop a plan of action to correct deficiencies. The Linklist is a default set of libraries that MVS searches for a specified program. This facility is used so that a user does not have to know the library names in which utility types of programs are stored. Control over membership in the Linklist is specified within the operating system. The data set SYS1.PARMLIB(LNKLSTxx) is used to specify the library names. (The xx is the suffix designated by the LNK parameter in the IEASYSxx member of SYS1.PARMLIB, or overridden by the computer operator at IPL.) Use the following recommendations and techniques to control the exposures created by the LINKLIST facility: (1) Avoid inclusion of sensitive libraries in the LNKLSTxx member unless absolutely required. (2) The LNKLSTxx and PROGxx (LNKLST entries) members will contain only required libraries. On a semi annual basis, Software Support should review the volume serial numbers, and should verify them in accordance with the system catalog. Software Support will remove all non existent libraries. The IAO should modify and/or delete the rules associated with these libraries.
Additional Identifiers
Rule ID: SV-100r2_rule
Vulnerability ID: V-100
Group Title: AAMV0350
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001762 |
The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
| CCI-001764 |
The information system prevents program execution in accordance with organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage. |