The IBM z/OS UNIX Telnet server warning banner must be properly specified.
DISA Rule
SV-224103r561402_rule
Vulnerability Number
V-224103
Group Title
SRG-OS-000228-GPOS-00088
Rule Version
TSS0-UT-000050
Severity
CAT II
CCI(s)
- CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.
- CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
- CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
Weight
10
Fix Recommendation
The otelnetd startup command should not include the option "-h", where:
-h indicates that the logon banner should not be displayed.
Check Contents
From the ISPF Command Shell enter:
OMVS
cat inetd.conf
If the otelnet startup command includes option "-h" this is a finding.
Vulnerability Number
V-224103
Documentable
False
Rule Version
TSS0-UT-000050
Severity Override Guidance
From the ISPF Command Shell enter:
OMVS
cat inetd.conf
If the otelnet startup command includes option "-h" this is a finding.
Check Content Reference
M
Target Key
4102
Comments
STIGQter: STIG Summary: IBM z/OS TSS Security Technical Implementation Guide Version: 8 Release: 2 Benchmark Date: 23 Apr 2021: