CSAPP_MVRSHD_RHOSTS_DATA
- Description:
- Checks to see if the MVRSHD server is active and detects if a RSH client uses a RHOSTS.DATA dataset for authentication.
- Reason for check:
- The MVRSHD server supports the RSH and REXEC protocols that transfer user ID and password information in the clear. There is also the potential of weak authentication for RSH clients that use RHOSTS.DATA datasets. This authentication method allows remote command execution without requiring the RSH client to supply a password.
- z/OS® releases the check applies to:
- z/OS V2R1 and later, with the PTFs for APARs
PI51640 and OA50122 applied.
- User override of IBM values:
- The following sample shows the defaults for customizable
values for this check. Use this sample to make permanent check
customizations in an HZSPRMxx parmlib member used at
IBM Health Checker for z/OS startup. If you just want a one-time
only update to the check defaults, omit the first line (ADDREPLACE POLICY)
and use the UPDATE statement on a MODIFY hzsproc command.
Note that using non-POLICY UPDATEs in HZSPRMxx can
lead to unexpected results and is therefore not recommended.ADDREPLACE POLICY[(policyname)] [STATEMENT(name)]
UPDATE
CHECK(IBMCS,CSAPP_MVRSHD_RHOSTS_DATA)
DATE('date_of_the_change')
REASON('Your reason for making the update.')
ACTIVE
SEVERITY(MEDIUM)
INTERVAL(ONETIME)
- Debug support:
- No
- Verbose support:
- No
- Parameters accepted:
- No
- Reference:
- For more information on the RHOSTS.DATA dataset, see the Step 3: Permit remote users to access MVS resources (optional) section in z/OS Communications Server: IP Configuration Guide.
- Messages:
- This check issues the following exception messages:
- ISTH030E
- SECLABEL recommended for multilevel security users:
- SYSLOW - see z/OS Planning for Multilevel Security and the Common Criteria for information on using SECLABELs.