Skip to content

IBM z/OS UNIX SYSTEM FILE SECURITY SETTINGS must be properly protected or specified.

An XCCDF Rule

Description

<VulnDiscussion>If the operating system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process. Satisfies: SRG-OS-000080-GPOS-00048, SRG-OS-000259-GPOS-00100</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-223848r868898_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Define the UNIX permission bits and user audit bits on the HFS files as listed in the table below.

SYSTEM FILE SECURITY SETTINGS
FILE PERMISSION BITS USER AUDIT BITS FUNCTION
/bin/sh 1755 faf z/OS UNIX shell
 Note: /bin/sh has the sticky bit on to improve performance.