STIGQter: STIG Summary: IBM z/OS RACF Security Technical Implementation Guide Version: 8 Release: 3 Benchmark Date: 23 Apr 2021:

IBM z/OS SMF recording options for the SSH daemon must be configured to write SMF records for all eligible events.

DISA Rule

SV-223806r604139_rule

Vulnerability Number

V-223806

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

RACF-SH-000010

Severity

CAT II

CCI(s)

• CCI-000067 - The information system monitors remote access methods.
• CCI-002884 - The organization audits nonlocal maintenance and diagnostic sessions^ organization-defined audit events.

Weight

10

Fix Recommendation

Configure the SERVERSMF statement in the SSH Daemon configuration file to TYPE119_U83.

Check Contents

Locate the SSH daemon configuration file, which may be found in /etc/ssh/ directory.

Alternately:
From UNIX System Services ISPF Shell navigate to ribbon select tools.
Select option 1 - Work with Processes.

If SSH Daemon is not active, this is not a finding.

Examine SSH daemon configuration file.

If ServerSMF is not coded with ServerSMF TYPE119_U83 or is commented out, this is a finding.

Vulnerability Number

V-223806

Documentable

False

Rule Version

RACF-SH-000010

Severity Override Guidance

Locate the SSH daemon configuration file, which may be found in /etc/ssh/ directory.

Alternately:
From UNIX System Services ISPF Shell navigate to ribbon select tools.
Select option 1 - Work with Processes.

If SSH Daemon is not active, this is not a finding.

Examine SSH daemon configuration file.

If ServerSMF is not coded with ServerSMF TYPE119_U83 or is commented out, this is a finding.

Check Content Reference

M

Target Key

4101

Comments