SV-223525r533198_rule
V-223525
SRG-OS-000104-GPOS-00051
ACF2-FT-000090
CAT II
10
Define the FTP daemon to run under its own user account. Specifically, it must not share the account defined for the z/OS UNIX kernel.
Define the FTP Server daemon account, privileges, and access authorizations to the ACP using the requirements below.
The following commands can be used to create the user account that is required for the FTP daemon:
SET LID
INSERT FTPD NAME(FTPD) GROUP(STCTCPX) STC
SET PROFILE(USER) DIVISION(OMVS)
INSERT FTPD UID(0) HOME(/) PROGRAM(/bin/sh)
F ACF2,REBUILD(USR),CLASS(P)
From the ISPF Command enter:
ACF
SET LID
LIST LIKE(FTP-) SECTION(ALL) PROFILE(OMVS)
NOTE: The JCL member is typically named FTPD.
If all of the following are true, this is not a finding.
If any of the following is untrue, this is a finding.
The FTP daemon logonid is FTPD.
The FTPD logonid is defined with the STC attribute.
The FTPD logonid has the following z/OS UNIX attributes: UID(0), HOME directory ‘/’, shell program /bin/sh.
False
M
4100