STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021

The IBM z/OS FTP server daemon must be defined with proper security parameters.

DISA Rule

SV-223979r561402_rule

Vulnerability Number

V-223979

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

TSS0-FT-000070

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure FTP daemon with the following items:

- The FTP daemon is started from a JCL procedure library defined to JES2.

NOTE: The JCL member is typically named FTPD.

- The FTP daemon ACID is FTPD.

- The FTPD ACID has the STC facility.

- The FTPD ACID has the following z/OS UNIX attributes:
UID(0), HOME directory ‘/’, shell program /bin/sh.

For example:
TSS CREATE(FTPD) TYPE(USER) NAME(FTPD)
DEPT(existing-dept) FACILITY(STC) PASSWORD(password,0)
TSS ADD(FTPD) DFLTGRP(STCTCPX) GROUP(STCTCPX)
TSS ADD(FTPD) SOURCE(INTRDR)
TSS ADD(FTPD) UID(0) HOME(/) OMVSPGM(/bin/sh)
TSS ADD(FTPD) MASTFAC(TCP)
TSS ADD(STC) PROCNAME(FTPD) ACID(FTPD)
TSS PERMIT(FTPD) IBMFAC(BPX.DAEMON) ACCESS(READ)
TSS PERMIT(FTPD) IBMFAC(BPX.POE) ACCESS(READ)
TSS PERMIT(FTPD) SERVAUTH(EZB.STACKACCESS.) ACCESS(READ)
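
The attributes this rule checks can be verified in a TSS command deck before it is submitted. The following Python is an added example, not part of the STIG or of any vendor tooling; it parses only the KEYWORD(value) syntax shown in the commands above, and the names parse_deck and findings are hypothetical.

```python
import re

# Constructed sample: the command deck from the fix text, with its
# continuation line after TSS CREATE.
SAMPLE_DECK = """\
TSS CREATE(FTPD) TYPE(USER) NAME(FTPD)
DEPT(existing-dept) FACILITY(STC) PASSWORD(password,0)
TSS ADD(FTPD) DFLTGRP(STCTCPX) GROUP(STCTCPX)
TSS ADD(FTPD) SOURCE(INTRDR)
TSS ADD(FTPD) UID(0) HOME(/) OMVSPGM(/bin/sh)
TSS ADD(FTPD) MASTFAC(TCP)
TSS ADD(STC) PROCNAME(FTPD) ACID(FTPD)
TSS PERMIT(FTPD) IBMFAC(BPX.DAEMON) ACCESS(READ)
TSS PERMIT(FTPD) IBMFAC(BPX.POE) ACCESS(READ)
TSS PERMIT(FTPD) SERVAUTH(EZB.STACKACCESS.) ACCESS(READ)
"""

ACID = "FTPD"
# Attributes the check text names for the FTPD ACID.
REQUIRED = {"FACILITY": "STC", "UID": "0", "HOME": "/", "OMVSPGM": "/bin/sh"}
TOKEN = re.compile(r"([A-Za-z]+)\(([^()]*)\)")  # KEYWORD(value) pairs

def parse_deck(text):
    """Return {acid: {keyword: set(values)}} from CREATE and ADD commands."""
    commands, settings = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.upper().startswith("TSS "):
            commands.append(line[4:])
        elif line and commands:
            commands[-1] += " " + line  # continuation of the previous command
    for cmd in commands:
        tokens = TOKEN.findall(cmd)
        if not tokens or tokens[0][0].upper() not in ("CREATE", "ADD"):
            continue  # PERMIT and other commands are outside this check
        attrs = settings.setdefault(tokens[0][1].upper(), {})
        for key, value in tokens[1:]:
            attrs.setdefault(key.upper(), set()).update(value.split(","))
    return settings

def findings(text):
    """List required FTPD attributes the deck never sets (presence only;
    later commands overriding earlier ones are not modelled)."""
    attrs = parse_deck(text).get(ACID, {})
    return [f"{ACID}: {key}({want}) not set"
            for key, want in REQUIRED.items()
            if want not in attrs.get(key, set())]

if __name__ == "__main__":
    print(findings(SAMPLE_DECK) or "no findings")
```

An empty list means the deck sets every attribute the check looks for; the result of TSS LIST(FTPD) on the running system remains the authority for the finding.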

Check Contents

From the ISPF Command Shell enter:
TSS LIST(FTPD) SEGMENT(OMVS)
NOTE: The JCL member is typically named FTPD.

If the FTPD ACID has the STC facility, this is not a finding.

If the FTPD ACID has the following z/OS UNIX attributes, this is not a finding.

UID(0), HOME directory ‘/’, shell program /bin/sh.

Documentable

False

Severity Override Guidance

From the ISPF Command Shell enter:
TSS LIST(FTPD) SEGMENT(OMVS)
NOTE: The JCL member is typically named FTPD.

If the FTPD ACID has the STC facility, this is not a finding.

If the FTPD ACID has the following z/OS UNIX attributes, this is not a finding.

UID(0), HOME directory ‘/’, shell program /bin/sh.

Check Content Reference

M

Target Key

4102
