Required configuration in a multilevel secure environment

Some configuration statements that are optional in a discretionary security environment are required in a multilevel secure environment. The default behavior of the stack in a discretionary security environment is to permit most applications when these statements are not defined. The default behavior of the stack in a multilevel secure environment is to fail every application when these statements are not defined.

Every stack must have an EZB.STACKACCESS profile in the SAF SERVAUTH class.

All referenced IP addresses, except intranode management network (INMN) link-local addresses, must be mapped into security zones by NetAccess statements in the TCPIP profile.

A profile that covers the resource EZB.FTP.sysname.ftpdaemonname.ACCESS.HFS must be defined in the SAF SERVAUTH class for file system access by FTP users.

The EZB.SOCKOPT profile must be defined for the following options in the SAF SERVAUTH class:

In addition, if a hop limit greater than the default hop limit is set, the EZB.SOCKOPT profile must also be defined for the following options in the SAF SERVAUTH class:

For more information, see TCP/IP resource protection.
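The following is an added example, not IBM code: a Python check that every address a stack references falls inside some NetAccess zone, since an unmapped address fails in a multilevel secure environment. The NETACCESS block is a constructed sample limited to the address/prefix form; the zone names, the function names, the most-specific-match selection and the caller-supplied list of exempt INMN link-local addresses are assumptions.

```python
import ipaddress

# Constructed sample of a NETACCESS block (address/prefix form only).
SAMPLE_PROFILE = """\
NETACCESS INBOUND OUTBOUND
  10.1.0.0/16        ZONEA   ; constructed entry
  10.1.5.0/24        ZONEB
  2001:db8:10::/48   ZONEC
ENDNETACCESS
"""

def parse_netaccess(profile_text):
    """Return [(network, zone)] from the NETACCESS ... ENDNETACCESS block."""
    entries, inside = [], False
    for raw in profile_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        keyword = line.split()[0].upper()
        if keyword == "NETACCESS":
            inside = True
        elif keyword == "ENDNETACCESS":
            inside = False
        elif inside:
            fields = line.split()
            if len(fields) == 2 and "/" in fields[0]:
                entries.append((ipaddress.ip_network(fields[0]), fields[1]))
    return entries

def zone_for(address, entries):
    """Most specific matching zone (assumed rule), or None when unmapped."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, zone) for net, zone in entries
               if net.version == ip.version and ip in net]
    return max(matches)[1] if matches else None

def audit(referenced, profile_text, inmn_exempt=()):
    """Map each referenced address to its zone; list those with no mapping."""
    entries = parse_netaccess(profile_text)
    mapped, unmapped = {}, []
    for addr in referenced:
        if addr in inmn_exempt:       # INMN link-local addresses need no zone
            continue
        zone = zone_for(addr, entries)
        if zone is None:
            unmapped.append(addr)
        else:
            mapped[addr] = zone
    return mapped, unmapped
```

Any address returned in the second list needs a NetAccess entry before the stack is run in a multilevel secure environment.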