SV-224078r561402_rule
V-224078
SRG-OS-000080-GPOS-00048
TSS0-US-000050
CAT I
10
Ensure that all SUPERUSER resources for the UNIXPRIV resource class are restricted to appropriate system tasks and/or system programming personnel.
Review the following items for the UNIXPRIV resource class:
- The TSS owner defined for the SUPERUSER resource.
- There are no TSS rules that allow access to the SUPERUSER resource.
- There is no TSS rule for CHOWN.UNRESTRICTED defined.
- The TSS rules for each of the SUPERUSER resources listed in the z/OS UNIX System Services Planning, Establishing UNIX security, restrict access to appropriate system tasks or systems programming personnel.
From the ISPF Command Shell enter:
TSS WHOOWNS UNIXPRIV(*)
If the TSS resources and/or generic equivalent for SUPERUSER. are not owned, enter:
TSS LIST RDT
If the TSS resources and/or generic equivalent for SUPERUSER. are not owned or DEFPROT is specified for the resource class, this is a finding.
From the ISPF Command Shell enter:
TSS WHOHAS SURROGAT(SUPERUSER.)
If the TSS resource access authorizations restrict BPX.SRV.user to system software processes (e.g., web servers) that act as servers under z/OS UNIX, this is not a finding.
M
4102