The IBM RACF classes required to properly secure the z/OS UNIX environment must be ACTIVE.

An XCCDF Rule

Details
Profiles

Description

In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by the organizations.

ID: SV-223850r958730_rule
Version: RACF-US-000130
Severity: Medium
References: CCI-002233
Updated: about 2 months ago

Remediation Templates

Define the ACTIVE CLASS Parameter in SETROPTS to include the FACILITY, SURROGAT and UNIXPRIV resource classes.

EXAMPLES:
SETR CLASSACT(FACILITY SURROGAT UNIXPRIV) 

SETR GENERIC(FACILITY SURROGAT UNIXPRIV)SETR GENCMD(FACILITY SURROGAT UNIXPRIV)

SETR RACL(FACILITY SURROGAT UNIXPRIV)

The IBM RACF classes required to properly secure the z/OS UNIX environment must be ACTIVE.

Description

Remediation Templates

A Manual Procedure