Checks and Features
Kyri Lea edited this page Apr 28, 2025 · 1 revision

| Check | Function |
|---|---|
| test_ssh | Runs whoami to test running commands over SSH |
| fips_140_2_crypto | Checks if SSH allows any ciphers that don't begin with 3DES or AES |
| inetd_services | Checks if any of the following network protocols are in use: "chargen", "daytime", "discard", "echo", "exec", "finger", "shell", "talk", "qotd", "time", "login", "smtp", "timed", "nameserver", "systat", "uucp", "netstat", "tftp" |
| pki_key_mgmt | Checks if keys are stored in UNIX files rather than managed through ICSF or an ESM |
| sshv2_only | Checks if the SSH daemon allows SSHv1 connections |
| umask_default | Checks if umask is properly set to 077 and if LOGNAME is set to readonly |
| unix_system_file_security | Checks that permissions on system files are sufficiently restrictive |

| Check | Function |
|---|---|
| racf_for_unix_active | Check if FACILITY, SURROGAT, and UNIXPRIV classes are active to secure the Unix environment |
| jesspool_res_active | Check if JESSPOOL resource class is active, protecting data stored in spool data sets |
| dfsms_racf_active | Check if FACILITY, MGMTCLAS, STORCLAS, and PROGRAM classes are active to secure DFSMS |
| mcs_console_res_active | Check if MCS consoles resource class is active |
| opercmds_res_active | Check if OPERCMDS resource class is active to control the use of operator commands |
| facility_res_active | Check if FACILITY resource class is active to enable control of user privileges |
| when_program_active | Check if WHEN(PROGRAM) is set so program profiles are secure |
| group_access_chk_active | Check if group access checking is active |
| real_data_set_names | Check if REALDSN RACF value is active, to associate the identity of subjects with events |
| retention_period | Checks if a retention period for data sets is set |
| saudit_value_set | Checks if RACF is logging all commands run by users with SPECIAL permissions |
| jes_batchallracf | Check if all batch jobs run with a RACF identity |
| jes_xbmallracf | Check if all batch jobs run with a RACF identity |
| inactive_id_revoke | Check if inactive identifiers are revoked after 35 days or less |
| password_history | Checks if a user's new password is the same as any of the past 5 passwords |
| unix_res_protected | Lists accounts that have access to the ACP data set rules for APF libraries |
| restricted_tsoauth_users | TODO |
| tcp_ip_res_protected | TODO |

| Check | Function |
|---|---|
| usercatalog | Provides information about the User Catalogs, including permissions, encryption, and location |

| Script | Function |
|---|---|
| ENUM | Gathers a variety of information about the system for use in a pentest |
| SETRRCVT | Gather information from RACF without high-level credentials |
| testrexx | Test that it is possible to upload and execute REXX scripts |