IBM z/OS UNIX Telnet Server Startup parameters must be properly specified to display the banner.
DISA Rule
SV-223643r533198_rule
Vulnerability Number
V-223643
Group Title
SRG-OS-000228-GPOS-00088
Rule Version
ACF2-UT-000050
Severity
CAT II
CCI(s)
- CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
- CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.
Weight
10
Fix Recommendation
Configure the otelnetd startup command in the inetd.conf file to not include "-h".
Check Contents
From the ISPF Command Shell enter:
OMVS
CD /etc
cat inetd.config
If "-h" is included on the otelnetd statement, this is a finding. ("-h" indicates that a banner will not be displayed.)
Vulnerability Number
V-223643
Documentable
False
Rule Version
ACF2-UT-000050
Severity Override Guidance
From the ISPF Command Shell enter:
OMVS
CD /etc
cat inetd.config
If "-h" is included on the otelnetd statement, this is a finding. ("-h" indicates that a banner will not be displayed.)
Check Content Reference
M
Target Key
4100
Comments
STIGQter: STIG Summary: IBM z/OS ACF2 Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: