Agreed. Although, why is OPERATOR proposed as an exception?
The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose it
to anyone else. If you received it in error please notify us immediately and
then destroy it.
From: The IBM z/VM Operating System on behalf of Huegel, Thomas
Sent: Wed 26-Sep-07 10:35
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: z/vm security advise requested
I think once you have RACF installed all of the other sevurity problems you
describe are solved.
-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Behalf Of
Lionel B. Dyck
Sent: Wednesday, September 26, 2007 9:30 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: z/vm security advise requested
To keep our auditors happy (assuming that is possible) to secure our
z/vm (5.3) environment I am planning on doing the following. Note that our
environment is purely in support of linux virtualized servers and the only cms
users are the handful of sysprogs supporting z/vm.
1. installing both racf/vm and dirmaint
2. all linux virtual server guests will be defined with LBYONLY
and a LOGONBY for the sysprogs
3. all system machines with the exception of Operator will also be
defined with LBYONLY and LOGONBY for the sysprogs
Does anyone see any issues/exposures with this approach.
Thanks
________________________________
Lionel B. Dyck, Consultant/Specialist
Enterprise Platform Services, Mainframe Engineering
KP-IT Enterprise Engineering, Client and Platform Engineering Services
(CAPES)
925-926-5332 (8-473-5332) | E-Mail: [EMAIL PROTECTED] <mailto:[EMAIL
PROTECTED]>
AIM: lbdyck | Yahoo IM: lbdyck
Kaiser Service Credo: "Our cause is health. Our passion is service.
We're here to make lives better."
"Never attribute to malice what can be caused by miscommunication."
NOTICE TO RECIPIENT: If you are not the intended recipient of this
e-mail, you are prohibited from sharing, copying, or otherwise using or
disclosing its contents. If you have received this e-mail in error, please
notify the sender immediately by reply e-mail and permanently delete this
e-mail and any attachments without reading, forwarding or saving them. Thank
you.
________________________________
<< ella for Spam Control >> has removed 13021 VSE-List messages and set aside
12385 VM-List for me
You can use it too - and it's FREE! www.ellaforspam.com
<http://www.ellaforspam.com/>
