Re: VM to zLinux Remote Execution
In my case, the access through the 3270 console of Linux guests is safe. Since I have incorporated the protection of a password protected by ESM. And additionally use Operations Manager to access the consoles and the product also provides an authentication mechanism to allow access to consoles. So only authorized personnel can access. Using a console management tool is not only limited to sending commands to the linux guest, you can additionally detect command responses and take actions based on these responses. That can range from a simple command, to something more complex as sending an email or a modification to the virtual machine dynamically. You could even send a script to linux guests through console 3270. In my case I use it for shutdown/startup of applications linux from cms. Obviously this helps my case, but if you want to edit files on linux or use panels that is not the solution. Regards and Have a great day. -- Victor Hugo Ochoa Avila z/OS z/VM systems programmer Mexico, City. 2011/7/22 Marcy Cortes marcy.d.cor...@wellsfargo.com Its not unprotected presuming you have a zvm ESM password protecting your console access using authenticated users. It does work remotely too provided you have a vm operations type product. Of course send should be protected and the ID that is secondary should be restricted as well. Marcy. Sent from my BlackBerry. *From*: Scott Rohling [mailto:scott.rohl...@gmail.com] *Sent*: Friday, July 22, 2011 05:27 PM *To*: IBMVM@LISTSERV.UARK.EDU IBMVM@LISTSERV.UARK.EDU *Subject*: Re: [IBMVM] VM to zLinux Remote Execution On Fri, Jul 22, 2011 at 4:08 PM, Marcy Cortes marcy.d.cor...@wellsfargo.com wrote: Another option would be a CP SEND command from a VM user that was SECUSER to the linux console. You have to alter /etc/inittab to have root logged in at boot. It makes security auditors drool and convulse if you do that.. an open console with root access. So anyone with SEND priv can be root. gasp REXEC at least does authentication (unencrypted though it may be) This 'is' a nice simple way to talk to a local Linux from CMS in a pinch though.. you will need an EXEC to do the CP SEND so that Address Command can be used and not have it all uppercased. (and set secuser or observer to see the output). I've done this on occasion to diagnose or fix network issues when we can't get in via ssh. But I normally 'login' using the same method (send root - send password -- which glows like a theatre marquee on your own console) - rather than have root logged in automatically. Then start sending commands -- then finish with 'exit'. You also need to know the root (or other user) password though, which you don't if root is automatically logged in. This also (obviously) does not work 'remote' -- only when on the same lpar. I think I've used up my parentheses quota.. Scott Rohling Marcy. Sent from my BlackBerry. - Original Message - From: Davis, Larry (National VM/VSE Capability) [mailto: larry.dav...@hp.com] Sent: Friday, July 22, 2011 04:36 PM To: IBMVM@LISTSERV.UARK.EDU IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] VM to zLinux Remote Execution Glad to here Larry Davis -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Tom Duerbusch Sent: Friday, July 22, 2011 5:26 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM to zLinux Remote Execution How about that. It is there, just like you said. I kept looking for REXEC(D) in the Network Service Configuration panel. Then opening port 512 in the firewall of the Linux machine. And then adding the client machine (VM) to HOSTNAMES on Linux solved the security problem. However, I didn't have to install anything. tcpd was already there in SLES 11 SP 1. But that could have been due to the patterns I selected at install time. So everything is working finefor now. Thanks Tom Duerbusch THD Consulting Davis, Larry (National VM/VSE Capability) larry.dav...@hp.com 7/22/2011 1:07 PM The service is called exec in xinetd and it is located in /usr/sbin/tcpd I had to install it from the repository it was not there by default. Try looking for exec or tcpd in the repository Larry Davis -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Tom Duerbusch Sent: Friday, July 22, 2011 2:02 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM to zLinux Remote Execution I've searched for the basic REXEC daemon for zSeries SLES 11, but I couldn't find anything. I could have been looking in the wrong place. Tom Duerbusch THD Consulting Davis, Larry (National VM/VSE Capability) larry.dav...@hp.com 7/22/2011 12:34 PM REXEC is available in Linux but you will get Auditors screaming about it. We got a wavier at our site. You can use IPTABLES to restrict REXEC access from/to certain systems. Larry Davis
VM workshop at OSU
I'm attending this workshop and I am not familiar with the area where it will be held. The 1739 N. High Street address doesn't make sense when compared to the links provided on the workshop web page. There are no addresses provided for any of the hotels. Googleing wasn't much help. So, if anyone, whether attending or not, is familiar with the area, could you provide some directions. You can respond on or off line. Thanks, Steve
Re: VM workshop at OSU
The OSU Union building is in High Street. Here are the directions from the website. They are correct as we are there now: http://ohiounion.osu.edu/visit_the_union/directions On 7/27/11 12:22 PM, Gentry, Steve steve.gen...@westernsouthernlife.com wrote: I'm attending this workshop and I am not familiar with the area where it will be held. The 1739 N. High Street address doesn't make sense when compared to the links provided on the workshop web page. There are no addresses provided for any of the hotels. Googleing wasn't much help. So, if anyone, whether attending or not, is familiar with the area, could you provide some directions. You can respond on or off line. Thanks, Steve
Re: VM workshop at OSU
BTW I will be tweeting (or trying to anyway) using the #vmworkshop tag during the week. On 7/27/11 12:22 PM, Gentry, Steve steve.gen...@westernsouthernlife.com wrote: I'm attending this workshop and I am not familiar with the area where it will be held. The 1739 N. High Street address doesn't make sense when compared to the links provided on the workshop web page. There are no addresses provided for any of the hotels. Googleing wasn't much help. So, if anyone, whether attending or not, is familiar with the area, could you provide some directions. You can respond on or off line. Thanks, Steve
Re: VM workshop at OSU
On 07/27/2011 11:22 AM, Gentry, Steve wrote: I’m attending this workshop and I am not familiar with the area where it will be held. The 1739 N. High Street address doesn’t make sense when compared to the links provided on the workshop web page. There are no addresses provided for any of the hotels. Googleing wasn’t much help. So, if anyone, whether attending or not, is familiar with the area, could you provide some directions. You can respond on or off line. Thanks, Steve I put the address of the University Plaza Hotel into Google Maps and it came right up: 3110 Olentangy River Road, Columbus, OH -- Rich Smrcina Velocity Software, Inc. http://www.velocitysoftware.com Catch the WAVV! http://www.wavv.org WAVV 2012 - April 13-17, 2012 Covington, KY
Re: VM workshop at OSU
I'm attending this workshop and I am not familiar with the area where it will be held. The 1739 N. High Street address doesn't make sense when compared to the links provided on the workshop web page. There are no addresses provided for any of the hotels. Googleing wasn't much help. So, if anyone, whether attending or not, is familiar with the area, could you provide some directions. You can respond on or off line. Steve: The OSU web site is http://ohiounion.osu.edu/. I don't understand what you mean about the address not making sense, as that is the address of the Union building. University Plaza - http://www.universityplazaosu.com/ Varsity Inn North - http://www.varsityinnosunorth.com/ Blackwell Inn - http://www.theblackwell.com/ Hilton - http://www.hiltongardeninn.com/en/gi/hotels/index.jhtml?ctyhocn=CMHUAGI Hyatt Place - http://columbusosu.place.hyatt.com/hyatt/hotels/place/ Jim
Re: VM workshop at OSU
Thank you all for your help. Coordinates plugged in. Nav Computer is calculating fastest path and alt. path. The jump to light speed will occur later this afternoon. Steve -Original Message- From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Jim Elliott Sent: Wednesday, July 27, 2011 12:48 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: VM workshop at OSU I'm attending this workshop and I am not familiar with the area where it will be held. The 1739 N. High Street address doesn't make sense when compared to the links provided on the workshop web page. There are no addresses provided for any of the hotels. Googleing wasn't much help. So, if anyone, whether attending or not, is familiar with the area, could you provide some directions. You can respond on or off line. Steve: The OSU web site is http://ohiounion.osu.edu/. I don't understand what you mean about the address not making sense, as that is the address of the Union building. University Plaza - http://www.universityplazaosu.com/ Varsity Inn North - http://www.varsityinnosunorth.com/ Blackwell Inn - http://www.theblackwell.com/ Hilton - http://www.hiltongardeninn.com/en/gi/hotels/index.jhtml?ctyhocn=CMHUAGI Hyatt Place - http://columbusosu.place.hyatt.com/hyatt/hotels/place/ Jim
Re: VM workshop at OSU
Wait, no site-to-site transport? Oh, maybe next year... On 07/27/2011 01:38 PM, Gentry, Steve wrote: Thank you all for your help. Coordinates plugged in. Nav Computer is calculating fastest path and alt. path. The jump to light speed will occur later this afternoon. Steve -- Rich Smrcina Velocity Software, Inc. http://www.velocitysoftware.com Catch the WAVV! http://www.wavv.org WAVV 2012 - April 13-17, 2012 Covington, KY