OS UNIX Telnet Server are not specified properly.

DISA Rule

SV-3230r2_rule

Vulnerability Number

V-3230

Group Title

IUTN0020

Rule Version

IUTN0020

Severity

CAT II

CCI(s)

CCI-001133 - The information system terminates the network connection associated with a communications session at the end of the session or after an organization-defined time period of inactivity.

Weight

Fix Recommendation

Review the startup parameters in the inetd.conf file for otelnetd and ensure they conform to the specifications below.

The otelnetd startup command includes the options -D login and -c 900, where:

-D login indicates that messages should be written to the syslogd facility for login and logout activity

-c 900 indicates that the Telnet session should be terminated after 15 minutes of inactivity.

NOTE: The 900 is the maximum value; any value between 1 and 900 is acceptable.

The otelnetd startup command should not include the option -h, where:

-h indicates that the logon banner should not be displayed.

Check Contents

a) Refer to the following report produced by the UNIX System Services Data Collection:

- USSCMDS.RPT(EINETD)

b) Ensure the following items are in effect for the otelnetd startup command:

1) Option -D login is included on the otelnetd command.

2) Option -c 900 is included on the otelnetd command.

NOTE: 900 indicates a session timeout value of 15 minutes and is currently the maximum value allowed.

3) Option -h is not included on the otelnetd command.

c) If all of the items in (b) are true, there is NO FINDING.

d) If any item in (b) is untrue, this is a FINDING.

STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: Startup parameters for the z/OS UNIX Telnet Server are not specified properly.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Responsibility

Target Key

Comments