STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide, Version: 8, Release: 2, Benchmark Date: 23 Apr 2021

IBM z/OS user account for the z/OS UNIX SUPERUSER userid must be properly defined.

DISA Rule

SV-223634r533198_rule

Vulnerability Number

V-223634

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

ACF2-US-000190

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Define the user ID identified in the BPXPRM00 SUPERUSER parameter as specified below:
- No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
- Default group specified as OMVSGRP or STCOMVS
- UID(0)
- HOME directory specified as "/"
- Shell program specified as "/bin/sh"

Check Contents

Refer to system PARMLIB member BPXPRMxx (xx is determined by the OMVS entry in IEASYS00).
Determine the user ID identified by the SUPERUSER parameter (BPXROOT is the default).
From a command input screen enter:
SET LID
LIST LIKE (superuser userid)

If the SUPERUSER userid is defined as follows, this is not a finding:
- No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
- Default group specified as OMVSGRP or STCOMVS

From an ACF command input screen enter:
SET PROFILE(USER) DIVISION(OMVS)
SET VERBOSE
LIST <superuser userid>

If the SUPERUSER userid is defined as follows, this is not a finding:
- UID(0)
- HOME directory specified as “/”
- Shell program specified as “/bin/sh”

Documentable

False

Severity Override Guidance

Refer to system PARMLIB member BPXPRMxx (xx is determined by the OMVS entry in IEASYS00).
Determine the user ID identified by the SUPERUSER parameter (BPXROOT is the default).
From a command input screen enter:
SET LID
LIST LIKE (superuser userid)

If the SUPERUSER userid is defined as follows, this is not a finding:
- No access to interactive on-line facilities (e.g., TSO, CICS, etc.)
- Default group specified as OMVSGRP or STCOMVS

From an ACF command input screen enter:
SET PROFILE(USER) DIVISION(OMVS)
SET VERBOSE
LIST <superuser userid>

If the SUPERUSER userid is defined as follows, this is not a finding:
- UID(0)
- HOME directory specified as “/”
- Shell program specified as “/bin/sh”

Check Content Reference

M

Target Key

4100
