STIGQter: STIG Summary: z/OS RACF STIG Version: 6 Release: 43 Benchmark Date: 24 Jan 2020: Startup parameters for the z/OS UNIX Telnet Server are not specified properly.

DISA Rule

SV-3230r2_rule

Vulnerability Number

V-3230

Group Title

IUTN0020

Rule Version

IUTN0020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Review the startup parameters in the inetd.conf file for otelnetd and ensure they conform to the specifications below.

The otelnetd startup command includes the options -D login and -c 900, where:

-D login indicates that messages should be written to the syslogd facility for login and logout activity

-c 900 indicates that the Telnet session should be terminated after 15 minutes of inactivity.

NOTE: The 900 is the maximum value; any value between 1 and 900 is acceptable.

The otelnetd startup command should not include the option -h, where:

-h indicates that the logon banner should not be displayed.

Check Contents

a) Refer to the following report produced by the UNIX System Services Data Collection:

- USSCMDS.RPT(EINETD)

b) Ensure the following items are in effect for the otelnetd startup command:

1) Option -D login is included on the otelnetd command.

2) Option -c 900 is included on the otelnetd command.

NOTE: 900 indicates a session timeout value of 15 minutes and is currently the maximum value allowed.

3) Option -h is not included on the otelnetd command.

c) If all of the items in (b) are true, there is NO FINDING.

d) If any item in (b) is untrue, this is a FINDING.
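
The check in (b) can be automated against the text of inetd.conf. The following is an added example, not part of the STIG or of any DISA tooling. It assumes the usual inetd.conf field order (service, socket type, protocol, wait flag, user, program, then the argument vector) and accepts the attached form -c900 as well as -c 900; the function name check_otelnetd and the sample entries are constructed for illustration.

```python
MAX_IDLE = 900  # the rule's maximum -c value, in seconds

# Constructed sample entries, not taken from a real system.
COMPLIANT = "otelnet stream tcp nowait OMVSKERN /usr/sbin/otelnetd otelnetd -l -m -D login -c 900\n"
NONCOMPLIANT = (
    "# otelnet stream tcp nowait OMVSKERN /usr/sbin/otelnetd otelnetd -D login -c 900\n"
    "otelnet stream tcp nowait OMVSKERN /usr/sbin/otelnetd otelnetd -l -m -h -c 1800\n"
)


def check_otelnetd(inetd_conf_text):
    """Return a list of findings; an empty list means NO FINDING."""
    findings = []
    for lineno, raw in enumerate(inetd_conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # ignore comments
        # Fields: service, type, protocol, wait, user, program, argv[0], args...
        if len(fields) < 6 or not fields[5].endswith("/otelnetd"):
            continue
        args = fields[7:]
        login_debug, timeout, banner_off = False, None, False
        i = 0
        while i < len(args):
            tok = args[i]
            nxt = args[i + 1] if i + 1 < len(args) else ""
            if tok == "-D":                      # -D takes an argument
                login_debug = login_debug or nxt == "login"
                i += 1
            elif tok.startswith("-c"):           # accepts "-c 900" and "-c900"
                value = tok[2:] or nxt
                i += 0 if tok[2:] else 1
                timeout = int(value) if value.isdigit() else None
            elif tok == "-h":
                banner_off = True
            i += 1
        if not login_debug:
            findings.append(f"line {lineno}: -D login is missing")
        if timeout is None or not 1 <= timeout <= MAX_IDLE:
            findings.append(f"line {lineno}: -c must be present with a value from 1 to {MAX_IDLE}")
        if banner_off:
            findings.append(f"line {lineno}: -h suppresses the logon banner")
    return findings


if __name__ == "__main__":
    for name, text in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        result = check_otelnetd(text)
        print(name, "->", "FINDING" if result else "NO FINDING")
        for item in result:
            print("  ", item)
```

The commented-out entry in the noncompliant sample is ignored, so only the active line is evaluated.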

Documentable

False

Severity Override Guidance

a) Refer to the following report produced by the UNIX System Services Data Collection:

- USSCMDS.RPT(EINETD)

b) Ensure the following items are in effect for the otelnetd startup command:

1) Option -D login is included on the otelnetd command.

2) Option -c 900 is included on the otelnetd command.

NOTE: 900 indicates a session timeout value of 15 minutes and is currently the maximum value allowed.

3) Option -h is not included on the otelnetd command.

c) If all of the items in (b) are true, there is NO FINDING.

d) If any item in (b) is untrue, this is a FINDING.

Check Content Reference

M

Responsibility

Systems Programmer

Target Key

106
