The IBM z/OS startup user account for the z/OS UNIX Telnet Server must be properly defined.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-223864	SRG-OS-000080-GPOS-00048	RACF-UT-000010	SV-223864r958472_rule	2025-03-11	9

Description
The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TN3270 Telnet Server. Several of these parameters have potential impact to system security. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.

Description

The PROFILE.TCPIP configuration file provides system operation and configuration parameters for the TN3270 Telnet Server. Several of these parameters have potential impact to system security. Failure to code the appropriate values could result in unexpected operations and degraded security. This exposure may result in unauthorized access impacting data integrity or the availability of some system services.

ℹ️ Check
From the ISPF Command Shell enter: omvs cd /etc cat inetd.conf If the otelnetd command specifies any user other than OMVS or OMVSKERN, this is a finding.

✔️ Fix
The user account used at the startup of otelnetd is specified in the inetd configuration file. This account is used to perform the identification and authentication of the user requesting the session. Because the account is only used until user authentication is completed, there is no need for a unique account for this function. The z/OS UNIX kernel account can be used.