STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021:

IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events.

DISA Rule

SV-223586r533198_rule

Vulnerability Number

V-223586

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

ACF2-SH-000010

Severity

CAT II

CCI(s)

• CCI-000067 - The information system monitors remote access methods.
• CCI-002884 - The organization audits nonlocal maintenance and diagnostic sessions^ organization-defined audit events.

Weight

10

Fix Recommendation

Configure the SERVERSMF statement in the SSH Daemon configuration file to TYPE119_U83.

Check Contents

Locate the SSH daemon configuration file which may be found in "/etc/ssh/" directory.

Alternately:

From UNIX System Services ISPF Shell, navigate to ribbon select tools.

Select option 1 - Work with Processes.

If SSH Daemon is not active, this is not a finding.

Examine SSH daemon configuration file.

If ServerSMF is not coded with ServerSMF TYPE119_U83 or is commented out, this is a finding.

Vulnerability Number

V-223586

Documentable

False

Rule Version

ACF2-SH-000010

Severity Override Guidance

Locate the SSH daemon configuration file which may be found in "/etc/ssh/" directory.

Alternately:

From UNIX System Services ISPF Shell, navigate to ribbon select tools.

Select option 1 - Work with Processes.

If SSH Daemon is not active, this is not a finding.

Examine SSH daemon configuration file.

If ServerSMF is not coded with ServerSMF TYPE119_U83 or is commented out, this is a finding.

Check Content Reference

M

Target Key

4100

Comments