Skip to content

The IBM z/OS FTP server daemon must be defined with proper security parameters.

An XCCDF Rule

Description

<VulnDiscussion>The FTP Server daemon requires special privileges and access to sensitive resources to provide its system services. Failure to properly define and control the FTP Server daemon could lead to unauthorized access. This exposure may result in the compromise of the integrity and availability of the operating system environment, ACP, and customer data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-223742r868833_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Define the FTP daemon userid and a matching entry in the STARTED resource class enabling the use of the standard userid and an appropriate group. 

Define the FTPD userid as a PROTECTED userid. 

Define the FTPD userid with the following z/OS UNIX attributes: UID(0), HOME directory '/', shell program /bin/sh.