racf will solve a myrid of issues but our security folks wanted me to set all the system/service/linux machines to nolog and I think this solution will be better all the way around :-)
Lionel B. Dyck, Consultant/Specialist Enterprise Platform Services, Mainframe Engineering KP-IT Enterprise Engineering, Client and Platform Engineering Services (CAPES) 925-926-5332 (8-473-5332) | E-Mail: [EMAIL PROTECTED] AIM: lbdyck | Yahoo IM: lbdyck Kaiser Service Credo: "Our cause is health. Our passion is service. We?re here to make lives better.? ?Never attribute to malice what can be caused by miscommunication.? NOTICE TO RECIPIENT: If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents. If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them. Thank you. From: "Huegel, Thomas" <[EMAIL PROTECTED]> To: IBMVM@LISTSERV.UARK.EDU Date: 09/26/2007 07:36 AM Subject: Re: z/vm security advise requested I think once you have RACF installed all of the other sevurity problems you describe are solved. -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Behalf Of Lionel B. Dyck Sent: Wednesday, September 26, 2007 9:30 AM To: IBMVM@LISTSERV.UARK.EDU Subject: z/vm security advise requested To keep our auditors happy (assuming that is possible) to secure our z/vm (5.3) environment I am planning on doing the following. Note that our environment is purely in support of linux virtualized servers and the only cms users are the handful of sysprogs supporting z/vm. 1. installing both racf/vm and dirmaint 2. all linux virtual server guests will be defined with LBYONLY and a LOGONBY for the sysprogs 3. all system machines with the exception of Operator will also be defined with LBYONLY and LOGONBY for the sysprogs Does anyone see any issues/exposures with this approach. Thanks Lionel B. Dyck, Consultant/Specialist Enterprise Platform Services, Mainframe Engineering KP-IT Enterprise Engineering, Client and Platform Engineering Services (CAPES) 925-926-5332 (8-473-5332) | E-Mail: [EMAIL PROTECTED] AIM: lbdyck | Yahoo IM: lbdyck Kaiser Service Credo: "Our cause is health. Our passion is service. We're here to make lives better." "Never attribute to malice what can be caused by miscommunication." NOTICE TO RECIPIENT: If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents. If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them. Thank you. << ella for Spam Control >> has removed 13021 VSE-List messages and set aside 12385 VM-List for me You can use it too - and it's FREE! www.ellaforspam.com
