I do not really like this example: the DIAG 8 call works indeed, but
differs too much from the other CP commands. Some readers won't
recognize DIAG(8,xxxx) as a CP command
I'd prefer to code the REXX exec with ADDRESS COMMAND, then no DIAG 8
is required.
address command
"CP SET SECUSER" linux.i "*"
if rc > 0 then do
say "===> Could not establish secondary console for" linux.i,
"RC =" rc
end; else do
"CP SEND" linux.i "halt"
"CP SLEEP 1 SEC"
"CP SET SECUSER" linux.i "OPERATOR"
end
More information about ADDRESS COMMAND, and why one should almost ALWAYS use it:
http://www.vm.ibm.com/download/packages/descript.cgi?TCVM1
2008/5/14 Marcy Cortes <[EMAIL PROTECTED]>:
> My memory is gone these days... But sles7 we did something like this:
>
>
>
> "CP SET SECUSER" linux.i "*"
> if rc > 0 then do
> say "===> Could not establish secondary console for" linux.i,
> "RC =" rc
> end
> dummy = diag("08","SEND" linux.i "halt")
> "CP SLEEP 1 SEC"
> "CP SET SECUSER" linux.i "OPERATOR"
> end
>
> It sent the "halt" in lower case.
>
> What I've forgotten is what halt called :) Undoubtedly, it is here on the
> archives of this list from around 2002 or 2003.
>
> Alternatively, is having root always logged into the console an option (we
> consider that safe since you have to login to VM first to get the console
> anyway)?
>
>
> Marcy Cortes
>
> "This message may contain confidential and/or privileged information. If you
> are not the addressee or authorized to receive this for the addressee, you
> must not use, copy, disclose, or take any action based on this message or
> any information herein. If you have received this message in error, please
> advise the sender immediately by reply e-mail and delete this message. Thank
> you for your cooperation."
>
>
>
>
>
> -----Original Message-----
> From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
> Behalf Of Charles LeDuff
> Sent: Wednesday, May 14, 2008 1:01 PM
> To: IBMVM@LISTSERV.UARK.EDU
> Subject: [IBMVM] Linux shutdown and DoD restrictions
>
> I am wondering if there is anyone who has automated the shutdown of linux=
>
> instances in z/VM, that has to follow the Department of Defense (DoD)
> requirements? The requirements, I am referring to, are the Security
> Technical Implementation Guide (STIG).
>
> The SIGNAL command would be the perfect solution, but it requires enablin= g
> the CTL-ALT-DEL function under linux. According to the STIG, the
> CTL-ATL-DEL function cannot be enable.
>
> I have tried using the CP SEND command, in a REXX EXEC, to send the useri= d
> and password to linux, but z/VM changes the case of the letter from lower=
> to upper. Another problem according to the STIG. All passwords must be
> mix= ed case. Is there a way for z/VM to not change the case of the letter?
>
> Is there another way to automate the shutdown of the linux instances?
>
> Looking for any help
> Charles
>
--
Kris Buelens,
IBM Belgium, VM customer support
