From z/OS RACF STIG
Part of IFTP0030
Associated with IA controls: DCCS-1, DCCS-2
Associated with: CCI-000048 CCI-000366 CCI-001133
The statements in the FTP.DATA configuration file specify the parameters and values that control the operation of the FTP Server components including the use of anonymous FTP. Several of the parameters must have specific settings to provide a secure configuration. Inappropriate values could result in undesirable operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.
a) Refer to the Data configuration file specified on the SYSFTPD DD statement in the FTP started task JCL.

Automated Analysis
Refer to the following report produced by the IBM Communications Server Data Collection:
- PDI(IFTP0030)

b) Ensure the following items are in effect for the configuration statements specified in the FTP Data configuration file:

1) The ANONYMOUS statement is not coded (does not exist) or, if it does exist, it is commented out.
NOTE: Other statements prefixed with ANONYMOUS may be present. These statements indicate the level of anonymous support and applicable restrictions if anonymous support is enabled using the ANONYMOUS statement. These other ANONYMOUS-prefixed statements may be ignored.
2) The INACTIVE statement is coded with a value between 1 and 900 (seconds).
NOTES: 900 indicates a session timeout value of 15 minutes. 0 disables the inactivity timer check.
3) The UMASK statement is coded with a value of 077.
4) The BANNER statement is coded.

c) If all of the above are true, there is NO FINDING.

d) If any of the above is untrue, this is a FINDING.

FTP.DATA CONFIGURATION STATEMENTS

STATEMENT    NOT CODED, CODED WITHOUT VALUE, OR PARAMETER VALUE
ANONYMOUS    [Not Coded]
BANNER       [An HFS file, e.g., /etc/ftp.banner]
INACTIVE     [A value between 1 and 900]
UMASK        077
Review the configuration statements in the FTP.DATA file and ensure they conform to the specifications in the FTP.DATA CONFIGURATION STATEMENTS below:

STATEMENT    NOT CODED, CODED WITHOUT VALUE, OR PARAMETER VALUE
ANONYMOUS    [Not Coded]
BANNER       [An HFS file, e.g., /etc/ftp.banner]
INACTIVE     [A value between 1 and 900]
UMASK        077 [See Note 1]

NOTE: If the FTP Server requires a UMASK value less restrictive than 077, requirements should be justified and documented with the IAO.
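The four checks in item b) can be scripted against a copy of the FTP.DATA member. The following is an added example, not part of the STIG or of any IBM tooling; the function names are hypothetical, the sample files are constructed, and it assumes that a semicolon starts a comment in FTP.DATA and that every coded occurrence of a statement must comply.

```python
import re

def parse_ftp_data(text):
    """Return {KEYWORD: [values]} for active (uncommented) statements."""
    stmts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";"):          # whole-line comment (assumed syntax)
            continue
        line = re.split(r"\s;", line, maxsplit=1)[0].strip()  # trailing comment
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        stmts.setdefault(parts[0].upper(), []).append(value)
    return stmts

def check_iftp0030(text):
    """Return a list of findings; an empty list means NO FINDING."""
    s = parse_ftp_data(text)
    findings = []
    # 1) Exact keyword match, so ANONYMOUS-prefixed statements are ignored.
    if "ANONYMOUS" in s:
        findings.append("ANONYMOUS statement is coded")
    # 2) INACTIVE must be coded with 1..900; 0 disables the timer.
    vals = s.get("INACTIVE", [""])
    if not all(v.isdigit() and 1 <= int(v) <= 900 for v in vals):
        findings.append("INACTIVE not coded with a value between 1 and 900")
    # 3) UMASK must be coded as 077.
    if not all(v == "077" for v in s.get("UMASK", [""])):
        findings.append("UMASK not coded with a value of 077")
    # 4) BANNER must be coded with a file path.
    if not all(s.get("BANNER", [""])):
        findings.append("BANNER statement is not coded")
    return findings

# Constructed sample inputs, not taken from a real system.
COMPLIANT = """\
; ANONYMOUS            ; commented out
ANONYMOUSLEVEL 3
BANNER   /etc/ftp.banner
INACTIVE 300           ; five minutes
UMASK    077
"""
NONCOMPLIANT = "ANONYMOUS\nINACTIVE 0\nUMASK 027\n"

if __name__ == "__main__":
    for name, sample in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, check_iftp0030(sample) or "NO FINDING")
```

A UMASK finding from this script still needs the manual step from the note above: a less restrictive value is acceptable only if justified and documented with the IAO.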