STIGQter: STIG Summary: IBM z/VM Using CA VM:Secure Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 27 Apr 2018

The IBM z/VM TCP/IP Key database for LDAP or SSL server must be created with the proper permissions.

DISA Rule

SV-93573r1_rule

Vulnerability Number

V-78867

Group Title

SRG-OS-000067-GPOS-00035

Rule Version

IBMZ-VM-000470

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure proper permissions are assigned to Key databases.

Issue the “OPENVM PERMIT” commands to assign proper permissions.

Check Contents

Issue the command: openvm list /etc/gskadm/ (own)

If the file permissions are as displayed below, this is not a finding.

User ID   Group Name  Permissions  Type  Path name component
gskadmin  security    rw- r-- ---  F     'Database.kdb'
gskadmin  security    rw- --- ---  F     'Database.rdb'
gskadmin  security    rw- r-- ---  F     'Database.sth'
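
The comparison in this check can be scripted once the listing has been captured as text. The following is an added example, not part of the STIG or of STIGQter; it assumes the captured output uses the column layout shown above, and the function names and the sample listing are constructed for illustration.

```python
import re

# Expected owner, group and permissions per file, taken from the check text above.
EXPECTED = {
    "Database.kdb": ("gskadmin", "security", "rw- r-- ---"),
    "Database.rdb": ("gskadmin", "security", "rw- --- ---"),
    "Database.sth": ("gskadmin", "security", "rw- r-- ---"),
}

# One data row: owner, group, three permission triplets, type, quoted file name.
# Straight and typographic quotes are both accepted around the name.
ROW = re.compile(
    r"^\s*(\S+)\s+(\S+)\s+([r-][w-][x-])\s+([r-][w-][x-])\s+([r-][w-][x-])"
    r"\s+(\S)\s+['\u2018\u2019](.+?)['\u2018\u2019]\s*$"
)

def parse_listing(text):
    """Return {file name: (owner, group, permissions)} for every data row."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)  # the header row does not match and is skipped
        if m:
            owner, group, u, g, o, _type, name = m.groups()
            rows[name] = (owner, group, f"{u} {g} {o}")
    return rows

def findings(text):
    """List deviations from EXPECTED; an empty list means 'not a finding'."""
    rows = parse_listing(text)
    problems = []
    for name, want in EXPECTED.items():
        got = rows.get(name)
        if got is None:
            problems.append(f"{name}: missing from listing")
        elif got != want:
            problems.append(f"{name}: expected {want}, found {got}")
    return problems

# Constructed sample: the stash file has been made readable by 'other'.
SAMPLE = """\
User ID  Group Name Permissions Type Path name component
gskadmin security   rw- r-- --- F    'Database.kdb'
gskadmin security   rw- --- --- F    'Database.rdb'
gskadmin security   rw- r-- r-- F    'Database.sth'
"""

if __name__ == "__main__":
    for problem in findings(SAMPLE) or ["not a finding"]:
        print(problem)
```

Any difference in owner, group or permissions is reported, as is a key database file that does not appear in the listing at all.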

Vulnerability Number

V-78867

Documentable

False

Rule Version

IBMZ-VM-000470

Severity Override Guidance

Check Content Reference

M

Target Key

3211

Comments