The IBM RACF classes required to properly secure the z/OS UNIX environment must be ACTIVE.
An XCCDF Rule
Description
<VulnDiscussion>In certain situations, software applications/programs need to execute with elevated privileges to perform required functions. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking such applications/programs, those users are indirectly provided with greater privileges than assigned by the organizations.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-223850r853640_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Define the ACTIVE CLASS Parameter in SETROPTS to include the FACILITY, SURROGAT and UNIXPRIV resource classes.
EXAMPLES:
SETR CLASSACT(FACILITY SURROGAT UNIXPRIV)
SETR GENERIC(FACILITY SURROGAT UNIXPRIV)