I do not really like this example: the DIAG 8 call works indeed, but differs too much from the other CP commands. Some readers won't recognize DIAG(8,xxxx) as a CP command
I'd prefer to code the REXX exec with ADDRESS COMMAND, then no DIAG 8 is required. address command "CP SET SECUSER" linux.i "*" if rc > 0 then do say "===> Could not establish secondary console for" linux.i, "RC =" rc end; else do "CP SEND" linux.i "halt" "CP SLEEP 1 SEC" "CP SET SECUSER" linux.i "OPERATOR" end More information about ADDRESS COMMAND, and why one should almost ALWAYS use it: http://www.vm.ibm.com/download/packages/descript.cgi?TCVM1 2008/5/14 Marcy Cortes <[EMAIL PROTECTED]>: > My memory is gone these days... But sles7 we did something like this: > > > > "CP SET SECUSER" linux.i "*" > if rc > 0 then do > say "===> Could not establish secondary console for" linux.i, > "RC =" rc > end > dummy = diag("08","SEND" linux.i "halt") > "CP SLEEP 1 SEC" > "CP SET SECUSER" linux.i "OPERATOR" > end > > It sent the "halt" in lower case. > > What I've forgotten is what halt called :) Undoubtedly, it is here on the > archives of this list from around 2002 or 2003. > > Alternatively, is having root always logged into the console an option (we > consider that safe since you have to login to VM first to get the console > anyway)? > > > Marcy Cortes > > "This message may contain confidential and/or privileged information. If you > are not the addressee or authorized to receive this for the addressee, you > must not use, copy, disclose, or take any action based on this message or > any information herein. If you have received this message in error, please > advise the sender immediately by reply e-mail and delete this message. Thank > you for your cooperation." > > > > > > -----Original Message----- > From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On > Behalf Of Charles LeDuff > Sent: Wednesday, May 14, 2008 1:01 PM > To: IBMVM@LISTSERV.UARK.EDU > Subject: [IBMVM] Linux shutdown and DoD restrictions > > I am wondering if there is anyone who has automated the shutdown of linux= > > instances in z/VM, that has to follow the Department of Defense (DoD) > requirements? The requirements, I am referring to, are the Security > Technical Implementation Guide (STIG). > > The SIGNAL command would be the perfect solution, but it requires enablin= g > the CTL-ALT-DEL function under linux. According to the STIG, the > CTL-ATL-DEL function cannot be enable. > > I have tried using the CP SEND command, in a REXX EXEC, to send the useri= d > and password to linux, but z/VM changes the case of the letter from lower= > to upper. Another problem according to the STIG. All passwords must be > mix= ed case. Is there a way for z/VM to not change the case of the letter? > > Is there another way to automate the shutdown of the linux instances? > > Looking for any help > Charles > -- Kris Buelens, IBM Belgium, VM customer support