From z/OS ACF2 STIG
Part of ZUSSA050
Associated with IA controls: DCCS-1, ECCD-2, DCCS-2, ECCD-1
Parameter settings in the ACP impact the security level of z/OS UNIX.
a) Refer to the following report produced by the ACF2 Data Collection: - ACF2CMDS.RPT(ACFGSO) - Classification of System Automated Analysis Refer to the following report produced by the ACF2 Data Collection: - PDI(ZUSSA050) b) If system is classified or does not use the FTP socket application the UNIXOPTS record must specify DFTGROUP() and DFTUSER(), there is NO FINDING. c) If the system is a non classified system, running the FTP socket application and DFTGROUP and DFTUSER control options specify a logon id and GROUP profile, there is NO FINDING. d) If (b) or (c) above is untrue, this is a FINDING.
The IAO will ensure that UINIXOPTS record does not specify DFTGROUP and DFTUSER fields for classified systems and systems not using FTP. If system is classified or does not use the FTP socket application the UNIXOPTS record must specify DFTGROUP() and DFTUSER(). If the system is a non classified system, running the FTP socket application and DFTGROUP and DFTUSER control options specify a logon id and GROUP profile this is the proper security setting. Example: SET C(GSO) LIST UNIXOPTS CHOWNRES DFTGROUP(OMVSDGRP) DFTUSER(OMVSUSER) NODIRACC NODIRSRCH NOFSOBJ NOFSSEC NOGOSETGID NOHFSACL NOHFSSEC NOIPCOBJ NGROUPS(300) NOPROCACT NOPROCESS
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer