Re: LINUX Security

2002-12-11 Thread Wesley Parish
On Wednesday 11 December 2002 04:42 am, you wrote:
 Hello, we have just started to research SUSE Linux under z/VM, and I've
 been asked these questions:

 - Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM
 environment ? If not, how is security handled ?

 - Are there any types of SMF records cut to record access or violations
 to resources in a Linux z/VM environment ?

 - Does anyone have a link to more specific security / Linux information ?

http://www.linuxsecurity.com/
http://lsm.immunix.org/
http://www.nsa.gov/selinux/
http://sourceforge.net/project/showfiles.php?group_id=21266
http://www.grsecurity.net/
http://www.snort.org/
http://www.chkrootkit.org/
http://www.wiretapped.net/
http://www.cert.org/

That's what I came up with on short notice.

security-enhanced linux and grsecurity-linux have an intensive development of 
Access Control Lists and Role Based Access Control, though in different ways.  
I expect they would be of equal interest at this preliminary stage.

I don't know anything about SuSE; I don't use it.

Wesley Parish


 Thanks.

-- 
Mau e ki, He aha te mea nui?
You ask, What is the most important thing?
Maku e ki, He tangata, he tangata, he tangata.
I reply, It is people, it is people, it is people.



Re: LINUX Security

2002-12-11 Thread Joseph Sumi
Thanks to everyone !!
Joe 

 [EMAIL PROTECTED] 12/10/02 06:11PM 
On Wednesday 11 December 2002 04:42 am, you wrote:
 Hello, we have just started to research SUSE Linux under z/VM, and I've
 been asked these questions:

 - Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM
 environment ? If not, how is security handled ?

 - Are there any types of SMF records cut to record access or violations
 to resources in a Linux z/VM environment ?

 - Does anyone have a link to more specific security / Linux information ?

http://www.linuxsecurity.com/ 
http://lsm.immunix.org/ 
http://www.nsa.gov/selinux/ 
http://sourceforge.net/project/showfiles.php?group_id=21266 
http://www.grsecurity.net/ 
http://www.snort.org/ 
http://www.chkrootkit.org/ 
http://www.wiretapped.net/ 
http://www.cert.org/ 

That's what I came up with on short notice.

security-enhanced linux and grsecurity-linux have an intensive development of 
Access Control Lists and Role Based Access Control, though in different ways.  
I expect they would be of equal interest at this preliminary stage.

I don't know anything about SuSE; I don't use it.

Wesley Parish


 Thanks.

-- 
Mau e ki, He aha te mea nui?
You ask, What is the most important thing?
Maku e ki, He tangata, he tangata, he tangata.
I reply, It is people, it is people, it is people.



Re: LINUX Security

2002-12-11 Thread Carlos Ordonez
Vince, I guess my question is, if I have 50 linux images running under VM
and each of them have a root user, can I have a different password for each
of them? Carlos :-)


Saying goes: Great minds think alike - I say: Great minds think for
themselves!

Carlos A. Ordonez
IBM Corporation
Server Consolidation



Re, Vincent [EMAIL PROTECTED]
Sent by: Linux on 390 Port [EMAIL PROTECTED]
12/10/2002 05:20 PM
Please respond to Linux on 390 Port

To: [EMAIL PROTECTED]
cc:
From:
Subject: Re: LINUX Security




 Vince, can you have multiple root ids and passwords? Carlos :-)

If you're asking whether you can have multiple user IDs with UID=0, then
the answer is yes. UID/GID, shell program and home directory all come
from the PAM server (ACF2, Top Secret, etc.), and there's no reason you
couldn't have multiple UID 0 IDs if you wanted to.

The nice thing about our PAM implementation is that you have a lot of
flexibility when it comes to restricting which Linux images (or
facilities within a Linux system) a given user can access. You might set
it up so that users get root privileges, but only on a particular Linux
image. Or, perhaps you'd let them use Telnet but not FTP. Because the
authentication is processed by ACF2/Top Secret, all of the normal system
entry controls are extended and apply to Linux as well. For example, an
earlier post asked about auditing, and with our PAM plug-in, you will
most definitely see a complete audit trail of Linux sign-on activity in
your z/OS SMF records.

Having said that, multiple UID 0 users might or might not be a good
thing on Linux because there would be no way to segregate their
permissions (that is, once logged on, any root user would have access to
all resources). Keep in mind that PAM is just for user authentication -
if you want true access control then you need something more. This is
where our eTrust Access Control product fits in: it's essentially
z/OS-style resource protection for Linux, and it provides the kind of
granular resource protection (including controlling what root users may
do), auditing, etc. that mainframe sites would be accustomed to.


Vince Re
Computer Associates



Re: LINUX Security

2002-12-11 Thread Arty Ecock
On Tue, 10 Dec 2002 15:06:39 -0500 David Boyes said:
 If you are an ACF2 (or CA-Top Secret) customer, then we have an
 open-source PAM plug-in that lets you authenticate directly
 against ACF2
 or Top Secret. The client side (the part that runs on Linux) is
 available in source code or pre-built RPM form (both Intel
 and mainframe
 Linux). The server is simply a built-in integrated part of ACF2. With
 our plug-in installed, you need no user definition on Linux - your
 existing mainframe security rules and passwords are all
 that's needed.

Nice. Will it be available for VM:Secure?

How about RACF?

Cheers,
Arty



Re: Is Samba on Linux/390 ready for prime-time?

2002-12-11 Thread Hall, Ken (ECSS)
(I work for Phil)

Yes, we're using LVM.  Each filesystem is 29 3390-9 volumes, at roughly 7 gb. each, 
for a total of roughly 204 gb. per filesystem.  Two of these, plus 5 minidisks for the 
system, consumes all 256
minor node numbers for the DASD device.  To add more, we'd have to go to a new major 
number, which would give us another 64 devices.  (Each physical volume consumes 4 
minor numbers.)

 -Original Message-
 From: Noll, Ralph [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, December 10, 2002 1:59 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [LINUX-390] Is Samba on Linux/390 ready for prime-time?


 so are you using lvm .. and about how many volumes did this take??
 i need to do the same thing here

 thanks

  -Original Message-
  From: Phil Tully [mailto:[EMAIL PROTECTED]]
  Sent: Friday, November 15, 2002 8:52 AM
  To: [EMAIL PROTECTED]
  Subject: Re: Is Samba on Linux/390 ready for prime-time?
 
 
  Mark,
  As of this morning we have 192Gig of samba space allocated
  with 67G free
  space.  This is used by approx 300 Windows desktop
  for network disk space.
 
  We are in the process of engineering a solution for 12TB of
  NFS/Windows
  storage.
 
  regards
  Ph
 




Linux-390 in South Africa

2002-12-11 Thread Heinrich Venter
Hi all



I just joined the mailing list and am busy installing Hercules on my Linux
box to emulate S/390, and to start getting my hands wet on Linux for the
mainframe.  Historically I am a sys admin so I know a fair bit about Linux,
but absolutely squat about mainframes.  We're only getting our new mainframe
in the New Year so I'm stuck with the emulator.



I would like to know if anybody that's subscribed to this list has done an
implementation in South Africa or knows of anyone in South Africa that has
done it.



I'd also appreciate it if someone can send me links to websites on
Installing MVS / OS/390 / VM/ESA / z/VM for dummies.



Tx



Heinrich Venter

Design Centre

South African Revenue Services

Tel: +27 12 452 5016

Fax: +27 12 452 5070

Cell: +27 82 652 7874

E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]



The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.



Re: LINUX Security

2002-12-11 Thread Re, Vincent
 if I have 50 linux images running under VM and 
 each of them have a root user, can I have a different 
 password for each of them?

There are lots of options here, depending on exactly what you're trying
to achieve. Personally (as one who hates to remember different
passwords), I would rather have one ID and password, and use security
policy to control which systems I'm allowed to connect to. But if I
prefer, I could just as easily have a different root account/password on
each system. Or a mixture of both. The exact details vary depending on
which security product (ACF2, Top Secret, eTrust Access Control) you're
working with, but in general all of the system entry validation features
of the security products apply. 

Vince Re
Computer Associates



Re: Linux-390 in South Africa

2002-12-11 Thread Rich Smrcina
Welcome aboard Heinrich!

I can't speak for OS/390, but the installation process for z/VM boils down to
a one page document that is designed for folks that are just beginning with
z/VM or just want all of the defaults.  I don't think the document is
distributed anywhere, but a number of folks have used it and the word is that
it is quite easy.

Best of luck and happy holidays.

On Wednesday 11 December 2002 08:20 am, you wrote:
 Hi all



 I just joined the mailing list and am busy installing Hercules on my Linux
 box to emulate S/390, and to start getting my hands wet on Linux for the
 mainframe.  Historically I am a sys admin so I know a fair bit about Linux,
 but absolutely squat about mainframes.  We're only getting our new
 mainframe in the New Year so I'm stuck with the emulator.



 I would like to know if anybody that's subscribed to this list has done an
 implementation in South Africa or knows of anyone in South Africa that has
 done it.



 I'd also appreciate it if someone can send me links to websites on
 Installing MVS / OS/390 / VM/ESA / z/VM for dummies.



 Tx



 Heinrich Venter

 Design Centre

 South African Revenue Services

 Tel: +27 12 452 5016

 Fax: +27 12 452 5070

 Cell: +27 82 652 7874

 E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]



 The information transmitted is intended only for the person or entity to
 which it is addressed and may contain confidential and/or privileged
 material.  Any review, retransmission, dissemination or other use of or
 taking of any action in reliance upon, this information by persons or
 entities other than the intended recipient is prohibited.   If you received
 this in error, please contact the sender and delete the material from any
 computer.

--
Rich Smrcina
Sytek Services, Inc.
Milwaukee, WI
[EMAIL PROTECTED]
[EMAIL PROTECTED]

Catch the WAVV!  Stay for Requirements and the Free for All!
Update your S/390 skills in 4 days for a very reasonable price.
WAVV 2003 in Winston-Salem, NC.
April 25-29, 2003
For details see http://www.wavv.org



IP address

2002-12-11 Thread Rugel José
I'm trying to bring up an LPAR (9672 rb6) with Linux.
Is there another IP address besides the OSA IP that has to be specified to
connect the Linux LPAR to the LAN?

The OSA IP is actually being used by a second LPAR called OS390D, but I suppose
this can be reassigned to the LINUX LPAR. Is this the correct way?

Regards,
José Rugel C.
Telephone: 563-744 or 566-010 ext 2128
E-mail: [EMAIL PROTECTED]



The information contained in this e-mail is confidential and may be used only
by the individual or company to which it is addressed.
Any retention, dissemination, distribution or copying of this message is prohibited.
The company assumes no responsibility for information, opinions or views
contained in this mail that are not related to the official business of our
company.
If you received this message in error, notify the Administrator or the sender
immediately, and delete it without viewing its contents or making copies.
** Banco del Pacífico S.A. **



Re: Linux-390 in South Africa

2002-12-11 Thread Kris Van Hees
On Wed, Dec 11, 2002 at 08:31:59AM -0600, Rich Smrcina wrote:
 Welcome aboard Heinrich!

 I can't speak for OS/390, but the installation process for z/VM boils down to
 a one page document that is designed for folks that are just beginning with
 z/VM or just want all of the defaults.  I don't think the document is
 distributed anywhere, but a number of folks have used it and the word is that
 it is quite easy.

You can find the installation summary as a PDF on the z/VM V4R3.0 base
publication webpage, at http://www.vm.ibm.com/pubs/pdf/vm430bas.html.  The
document in question is the z/VM V4R3.0 Installation Summary, and the URL
for its download is http://www.vm.ibm.com/pubs/pdf/v4r3isum.pdf.

Hope this helps.

Kris



Re: LINUX Security

2002-12-11 Thread Carlos Ordonez
Thanks... that's cool - very nicely done Carlos :-)


Saying goes: Great minds think alike - I say: Great minds think for
themselves!

Carlos A. Ordonez
IBM Corporation
Server Consolidation



Re, Vincent [EMAIL PROTECTED]
Sent by: Linux on 390 Port [EMAIL PROTECTED]
12/11/2002 09:22 AM
Please respond to Linux on 390 Port

To: [EMAIL PROTECTED]
cc:
From:
Subject: Re: LINUX Security




 if I have 50 linux images running under VM and
 each of them have a root user, can I have a different
 password for each of them?

There are lots of options here, depending on exactly what you're trying
to achieve. Personally (as one who hates to remember different
passwords), I would rather have one ID and password, and use security
policy to control which systems I'm allowed to connect to. But if I
prefer, I could just as easily have a different root account/password on
each system. Or a mixture of both. The exact details vary depending on
which security product (ACF2, Top Secret, eTrust Access Control) you're
working with, but in general all of the system entry validation features
of the security products apply.

Vince Re
 Computer Associates



Re: LINUX Security

2002-12-11 Thread John Summerfield
On Wed, 11 Dec 2002, Ihno Krumreich wrote:


 I hope my understanding of the terms is right..
 For me accounting is to find out WHO has used a resource how much (to write bills).
 systat does not provide this information. systat just tells you
 how much a resource has been used at a given time. Its main goal
 is to find bottlenecks or to find a reason to the statement the
 system is slow.

I don't know; I've not used it. However, this makes me think it might do
more:
   -x pid | SELF | SUM | ALL
          Report statistics for a given process.  pid is the process
          identification number. The SELF keyword indicates that statistics

Maybe the information's there. Presumably, Sebastien Godard
[EMAIL PROTECTED], the author, would know what's there and
what can be added.


--


Cheers
John.

Join the Linux Support by Small Businesses list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb



Re: LINUX Security

2002-12-11 Thread Kittendorf, Craig
Does it work with Top Secret on z/OS 1.4 ?

 -Original Message-
From:   Re, Vincent [mailto:[EMAIL PROTECTED]]
Sent:   Tuesday, December 10, 2002 3:32 PM
To: [EMAIL PROTECTED]
Subject:Re: LINUX  Security

The short answer is that yes, we're committed to including PAM server
components in all of our security products.

I believe ACF2 VM and Top Secret VM PAM support are already announced,
and I also believe VM:Secure is in the works. We're also looking at
providing PAM server support in our eTrust Access Control product, which
runs on Windows, Linux (mainframe and Intel) and a number of UNIX
platforms.


Vince Re
Computer Associates



Re: LINUX Security

2002-12-11 Thread Alan Cox
On Wed, 2002-12-11 at 13:02, Carlos Ordonez wrote:
 Vince, I guess my question is, if I have 50 linux images running under VM
 and each of them have a root user, can I have a different password for each
 of them? Carlos :-)

You don't have to call your uid 0 root either btw. Unix cares about uid
and cap bits not about the name. The name is a userspace construct
purely for human convenience. So you can have

bofh:*:0:... etc for your root



Re: Linux-390 in South Africa

2002-12-11 Thread Steve Guthrie
I have several contacts in South Africa interested in Linux for the S390.
Contact me off-list and I will provide them.

Stephen J. Guthrie
Regional Sales Manager
Mantissa Corporation
2200 Valleydale Road
Birmingham, AL 35244
Direct: (205)402-0209
Fax: (205)402-0232
Office: (205)402-0300




-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Kris Van Hees
Sent: Wednesday, December 11, 2002 8:40 AM
To: [EMAIL PROTECTED]
Subject: Re: Linux-390 in South Africa


On Wed, Dec 11, 2002 at 08:31:59AM -0600, Rich Smrcina wrote:
 Welcome aboard Heinrich!

 I can't speak for OS/390, but the installation process for z/VM boils down
to
 a one page document that is designed for folks that are just beginning
with
 z/VM or just want all of the defaults.  I don't think the document is
 distributed anywhere, but a number of folks have used it and the word is
that
 it is quite easy.

You can find the installation summary as a PDF on the z/VM V4R3.0 base
publication webpage, at http://www.vm.ibm.com/pubs/pdf/vm430bas.html.  The
document in question is the z/VM V4R3.0 Installation Summary, and the URL
for its download is http://www.vm.ibm.com/pubs/pdf/v4r3isum.pdf.

Hope this helps.

Kris



Re: LINUX Security

2002-12-11 Thread Rob van der Heij
At 23:20 10-12-02, Re, Vincent wrote:

If you're asking whether you can have multiple user IDs with UID=0, then
the answer is yes.

We tried this because I thought it would be nice to automatically logon the account 
'Operator' on the console and let it have uid=0, but be able to separate from 'root' 
in that it has its own home directory and things.
Unfortunately that made the 'id' command under root return 'Operator' with all kind of 
annoying effects.

Rob



Re: lsb spec

2002-12-11 Thread Rod F.
We're working on the informal testing regime scripts, and will be
submitting some of the work shortly.


Any more info on this or a pointer to an appropriate web page?

Rod F.



Re: LINUX Security

2002-12-11 Thread Jere Julian
While there are exceptions to every rule it is VERY BAD form to use the
root account for much of anything!  It's just too dangerous.   The
current best practice is to disable logins as root.  First root should
never login over a network and probably should be locked completely.
What one should do instead is set up sudo such that groups of persons
have explicit access to what they need to do.  This has the advantage of
logging any root level actions that are performed and any unauthorized
attempts to perform root level actions.

For more information see 'man sudo' 'man sudoers' and do a Google search
on sudo.

-Jere

On Wed, Dec 11, 2002 at 04:35:43PM +0100, Rob van der Heij wrote:
 At 23:20 10-12-02, Re, Vincent wrote:
 
 If you're asking whether you can have multiple user IDs with UID=0, then
 the answer is yes.
 
 We tried this because I thought it would be nice to automatically logon the account 
'Operator' on the console and let it have uid=0, but be able to separate from 'root' 
in that it has its own home directory and things.
 Unfortunately that made the 'id' command under root return 'Operator' with all kind 
of annoying effects.
 
 Rob
---end quoted text---

-- 
-
   | Jere Julian, RHCE, CCNA  Cisco Systems, Inc.  ITD - IBM Sustaining  |
   | mailto:[EMAIL PROTECTED]  7025 Kit Creek Rd, RTP, NC 27709  |
-
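
As an added example (not part of the original post), this sketch shows how the sudo audit trail described above can be reviewed. It assumes sudo's default syslog line layout; the log lines, host name and user names are constructed for illustration.

```python
import re

# Constructed sample lines in sudo's default syslog layout (assumption);
# the host name and user names are made up for this example.
SAMPLE_LOG = [
    "Dec 11 11:20:00 lnx01 sshd[411]: Accepted password for alice from 192.0.2.10 port 1022",
    "Dec 11 11:24:03 lnx01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/shutdown -r now",
    "Dec 11 11:25:40 lnx01 sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash",
    "Dec 11 11:26:12 lnx01 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/passwd root",
    "Dec 11 11:27:55 lnx01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tail /var/log/messages",
    "Dec 11 11:29:01 lnx01 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su -",
]

# "<prefix> sudo[pid]:  <invoking user> : <rest of record>"
LINE_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<invoker>\S+) : (?P<body>.*)$")

# Record keys renamed so USER= (the target account) cannot be confused
# with the account that invoked sudo.
FIELD_NAMES = {"TTY": "tty", "PWD": "pwd", "USER": "runas"}


def parse_sudo_line(line):
    """Return a dict describing one sudo record, or None for other lines."""
    match = LINE_RE.search(line)
    if not match:
        return None
    # COMMAND= is always last and may itself contain ';', so split it off first.
    head, sep, command = match.group("body").partition("COMMAND=")
    if not sep:
        return None
    event = {"invoker": match.group("invoker"),
             "command": command.strip(),
             "reason": None}
    for part in head.split(" ; "):
        part = part.strip()
        if not part:
            continue
        key, eq, value = part.partition("=")
        if eq and key.isupper():
            event[FIELD_NAMES.get(key, key.lower())] = value
        else:
            # Free text before the KEY=value fields is sudo's refusal reason.
            event["reason"] = part
    event["allowed"] = event["reason"] is None
    return event


def summarise(lines):
    """Split records into granted commands and refusals grouped by user."""
    granted = []
    denied_by_user = {}
    for line in lines:
        event = parse_sudo_line(line)
        if event is None:
            continue
        if event["allowed"]:
            granted.append((event["invoker"], event["runas"], event["command"]))
        else:
            denied_by_user.setdefault(event["invoker"], []).append(
                (event["reason"], event["command"]))
    return granted, denied_by_user


if __name__ == "__main__":
    granted, denied = summarise(SAMPLE_LOG)
    for invoker, runas, command in granted:
        print(f"granted  {invoker} -> {runas}: {command}")
    for invoker, attempts in sorted(denied.items()):
        for reason, command in attempts:
            print(f"REFUSED  {invoker}: {reason}: {command}")
```
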





Re: LINUX Security

2002-12-11 Thread Michael Katz
Beware though that with the current rootkits available a total idiot with a
browser can download programs that can bypass many of these schemes and
become root very, very, very easily.  You really need to know nothing in
most cases to run these rootkits so beware and keep your ftp, ssh and ssl
daemons patched up to the minute.

M Katz
RAE Internet

-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Jere Julian
Sent: Wednesday, December 11, 2002 11:24 AM
To: [EMAIL PROTECTED]
Subject: Re: LINUX  Security


While there are exceptions to every rule it is VERY BAD form to use the
root account for much of anything!  It's just too dangerous.   The
current best practice is to disable logins as root.  First root should
never login over a network and probably should be locked completely.
What one should do instead is set up sudo such that groups of persons
have explicit access to what they need to do.  This has the advantage of
logging any root level actions that are performed and any unauthorized
attempts to perform root level actions.

For more information see 'man sudo' 'man sudoers' and do a Google search
on sudo.

-Jere

On Wed, Dec 11, 2002 at 04:35:43PM +0100, Rob van der Heij wrote:
 At 23:20 10-12-02, Re, Vincent wrote:

 If you're asking whether you can have multiple user IDs with UID=0, then
 the answer is yes.

 We tried this because I thought it would be nice to automatically logon
the account 'Operator' on the console and let it have uid=0, but be able to
separate from 'root' in that it has its own home directory and things.
 Unfortunately that made the 'id' command under root return 'Operator' with
all kind of annoying effects.

 Rob
---end quoted text---

--
-
   | Jere Julian, RHCE, CCNA  Cisco Systems, Inc.  ITD - IBM Sustaining  |
   | mailto:[EMAIL PROTECTED]  7025 Kit Creek Rd, RTP, NC 27709  |
-



Telecommunications protocol support

2002-12-11 Thread David J. Chase
Hi, I got a question from a customer asking about Linux support for
several of the telecommunication industry standards/protocols such
as OSI, CMIP, and TMN Framework.

I don't know anything about them, do they look familiar to anyone?
Do you know if they are currently supported in any way?  Is the
support different on Intel as opposed to zSeries?

Anything anyone can tell me will be more than I know now :-)

Thanks,
David

--   David J. Chase, zSeries Techline, New York City --
--IBM - 7th Fl, 590 Madison Ave, NYC, NY  10022  --
--  212-745-3890 (tieline 243)   --



Re: Telecommunications protocol support

2002-12-11 Thread Alan Cox
On Wed, 2002-12-11 at 18:55, David J. Chase wrote:
 Hi, I got a question from a customer asking about Linux support for
 several of the telecommunication industry standards/protocols such
 as OSI, CMIP, and TMN Framework.

Oh my god.

OSI is the dead non replacement for TCP/IP, slain by the fact IP works
and their giant mess didn't.

 I don't know anything about them, do they look familiar to anyone?
 Do you know if they are currently supported in any way?  Is the

There are people who still have the scars. Bits of it (OSI over IP) are
supported by ISODE, but it's a monster and it would be better to change
jobs than support OSI ;)



Format DASD

2002-12-11 Thread Rugel José
Hi,
I'm trying to format two Shark DASD.
The command at the LINUX prompt is:  dasdfmt -n 475 -b 4096 -d cdl -p
Address 475 is a model 3,   5,  and format ends ok.
Address 421 is a model upper 3, 8,  and the format looks like it never ends.

Any IDEA ?  

Regards,
José Rugel C.
Telephone: 563-744 or 566-010 ext 2128
E-mail: [EMAIL PROTECTED]  






Re: Telecommunications protocol support

2002-12-11 Thread Vic Cross
On Wed, 11 Dec 2002, David J. Chase wrote:

 Hi, I got a question from a customer asking about Linux support for
 several of the telecommunication industry standards/protocols such
 as OSI, CMIP, and TMN Framework.

CMIP is the Common Management Information Protocol, best known as the
SNMP-equivalent for SNA/APPN networks.  I'd say unless their Linux machine
is going to be involved in SNA networking, it's irrelevant.

 Do you know if they are currently supported in any way?  Is the
 support different on Intel as opposed to zSeries?

Perhaps the Linux-SNA code has some support for CMIP.

As for TMN Framework, does that mean Tivoli?  Just guessing...

Cheers,
Vic Cross



Modularized vs Monolithic kernel

2002-12-11 Thread Froberg, David C
I was reading an article
(http://www.openna.com/documentations/articles/kernel/) that discussed the
differences between modularized and monolithic Linux kernels which got me
wondering what were the pros and cons when it comes to a S/390 or zSeries
box.   Anyone have any thoughts?

Thanks

Dave

David Froberg
Phone: 202-312-9807
Email: [EMAIL PROTECTED]



Re: Modularized vs Monolithic kernel

2002-12-11 Thread David Andrews
On Wed, 2002-12-11 at 15:49, Froberg, David C wrote:
 the pros and cons [of modules vs. statically linked kernel code]
 when it comes to a S/390 or zSeries box.

Most S/390 shops are serious about uptime, and insmod is a heckuva lot
less disruptive than rebuilding the kernel.

I believe there are license issues as well, that you cannot link non-GPL
code into the kernel.  Some of the S/390 drivers are OCO.

--
David Andrews
A. Duda and Sons, Inc.
[EMAIL PROTECTED]



Datagram in reverse order

2002-12-11 Thread Eddie Chen
   Linux is sending datagrams in reverse order... How can I
change it?

   The CIP is sending back ICMP type 3 code 0D



Re: Modularized vs Monolithic kernel

2002-12-11 Thread John Summerfield
On Wed, 11 Dec 2002, Froberg, David C wrote:

 I was reading an article
 (http://www.openna.com/documentations/articles/kernel/) that discussed the
 differences between modularized and monolithic Linux kernels which got me
 wondering what were the pros and cons when it comes to a S/390 or zSeries
 box.   Anyone have any thoughts?

In theory, if you're building a kernel for lots of disparate hardware,
use modules and load what you need. This is what Red Hat does.

If you're building a kernel for a specific machine (or lots the same),
then you don't need modules. That's what I used to do.

The second can have the disadvantage that when you add new (different)
hardware you need to build a new kernel. Ditto when there's an upgrade
because of a fixed security problem you care about.

I also wonder about vendor-supplied initialisation scripts. In some
cases they expect you're using the vendor-supplied kernel. These days,
when I build a kernel I make it like the vendor kernel in all relevant
areas. I use modules where my vendor uses modules, and I include
support for all the stuff _I_ might use.


--


Cheers
John.

Join the Linux Support by Small Businesses list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb



Re: Modularized vs Monolithic kernel

2002-12-11 Thread Alan Cox
On Wed, 2002-12-11 at 21:59, Rick Troth wrote:
 Given the loadable module support in Linux,  one could almost call it
 modular.   (I can hear Alan Cox now!)   Perhaps it will evolve into
 more of what the microkernel purists would demand.   I hope so!
 Even now,  it is a far cry from the truly monolithic thing it once was.

Modular - good engineering
Microkernel - strange religion

Not that there are not some *very* good uses for a Microkernel done
right. QNX is a fine example, as is AmigaOS. Microkernel cores are also
a very good way to do OS partitioning on top of a mathematically
verifiable security layer.

Mach is not a microkernel either - it's *huge*. Something like L4 is.



Re: LINUX Security

2002-12-11 Thread John Summerfield
On Wed, 11 Dec 2002 23:42, you wrote:
 On Wed, 2002-12-11 at 13:02, Carlos Ordonez wrote:
  Vince, I guess my question is, if I have 50 linux images running under VM
  and each of them have a root user, can I have a different password for
  each of them? Carlos :-)

 You don't have to call your uid 0 root either btw. Unix cares about uid
 and cap bits not about the name. The name is a userspace construct
 purely for human convenience. So you can have

 bofh:*:0:... etc for your root

However, don't suppose that not having a root account called root is something
you would want to do.

Just a couple of hours ago I was looking at a Debian script that assumes id -u
-n returns root for UID=0.



--
Cheers
John Summerfield


Microsoft's most solid OS: http://www.geocities.com/rcwoolley/
Join the Linux Support by Small Businesses list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
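
As an added example (not part of any post in this thread), this sketch audits a passwd-format file for accounts that share a UID, which is the situation behind both the 'id' behaviour reported earlier in the thread and the `id -u -n` script assumption mentioned above. The sample file is constructed, and the sketch assumes a flat-file lookup that returns the first entry matching a UID in file order.

```python
# Constructed passwd-format sample; not taken from any system in the thread.
SAMPLE_PASSWD = """\
operator:x:0:0:Console operator:/home/operator:/bin/bash
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
# local comment line
bofh:*:0:0:renamed admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
broken-line-without-fields
"""


def parse_passwd(text):
    """Parse passwd-format text.

    Returns (entries, malformed): entries keep file order, malformed is a
    list of 1-based line numbers that do not have seven fields and a
    numeric UID.
    """
    entries = []
    malformed = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            malformed.append(lineno)
            continue
        entries.append({
            "name": fields[0],
            "uid": int(fields[2]),
            "home": fields[5],
            "shell": fields[6],
        })
    return entries, malformed


def shared_uids(entries):
    """Map every UID held by more than one account to its names, in file order."""
    by_uid = {}
    for entry in entries:
        by_uid.setdefault(entry["uid"], []).append(entry["name"])
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def reverse_lookup(entries, uid):
    """Name that a UID-to-name lookup reports.

    Assumption: the lookup scans the file in order and stops at the first
    match, so later accounts with the same UID are never reported.
    """
    for entry in entries:
        if entry["uid"] == uid:
            return entry["name"]
    return None


def audit(text):
    """Return (findings, malformed) for a passwd-format text."""
    entries, malformed = parse_passwd(text)
    findings = []
    for uid, names in sorted(shared_uids(entries).items()):
        shown = reverse_lookup(entries, uid)
        findings.append({
            "uid": uid,
            "accounts": names,
            # What tools that print a name for this UID will display.
            "resolves_to": shown,
            # Accounts whose sessions will be labelled with another name.
            "masked": [name for name in names if name != shown],
        })
    return findings, malformed


if __name__ == "__main__":
    findings, malformed = audit(SAMPLE_PASSWD)
    for finding in findings:
        print("UID %(uid)d shared by %(accounts)s; shown as %(resolves_to)r; "
              "masked: %(masked)s" % finding)
    if malformed:
        print("malformed lines:", malformed)
```
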



Re: Telecommunications protocol support

2002-12-11 Thread David Boyes
 CMIP is the Common Management Information Protocol, best known as the
 SNMP-equivalent for SNA/APPN networks.  I'd say unless their Linux machine
 is going to be involved in SNA networking, it's irrelevant.

Actually CMIP has nothing specifically to do with SNA (the protocol) -- as
you say, it is an SNMP-workalike, but also works for any OSI derivable
protocol (commonly used in telco TDM and FR switches at layer 2, and for
applications monitoring in OSI networks, such as the few remaining
X.400-based mail systems or X.25 based PAD nets). It does also work for SNA,
though.

  Do you know if they are currently supported in any way?  Is the
  support different on Intel as opposed to zSeries?
 Perhaps the Linux-SNA code has some support for CMIP.

With ISODE installed, it does, but the support also extends to any supported
protocol stack on the same system as the CMIP agent.


 As for TMN Framework, does that mean Tivoli?  Just guessing...

Nope. TMN = Telecommunications Network Management Framework. It's a
combination of protocols and best practices commonly used in telcos to
encourage/ensure interoperability of NMS and back-office systems between
carriers. It covers element management, trouble ticket exchange, upgrade
processes, and about 11,000 pages of other stuff. It's complicated.

Wrt to Dave Chase's earlier questions, Marshall Rose's ISODE (ISO
Development Environment) does provide support for most of the base OSI and
CMIP operations, and some components of TMN, but only on Intel and
PowerPC-based Linuxen, AFAIK.  It won't work on zSeries hardware with QDIO
interfaces without tunneling to an outboard Intel box because QDIO support is
currently IP-only.  LCS devices might work, but I don't have an easy way to
test it and ISODE is *huge* -- it takes 6-7 hours to compile on a fairly
large Intel box, and needs raw network access in a way that would be very
difficult to support for current zSeries hardware.  CIPs should work fine,
but don't have a way to test it.

Wrt to OSI, yes it's ugly, but it exists and wishing won't make it go away.
There are tools to deal with it, and it's no uglier than any other non-IP
protocol (even if it is screamingly less efficient).  It had some good
ideas, just lousy reality checking.

-- db




 Cheers,
 Vic Cross




Re: Modularized vs Monolithic kernel

2002-12-11 Thread Willem Konynenberg
Rick Troth wrote:
 The story goes that Andrew Tanenbaum (Comp Sci professor and
 creator of MINIX,  which few can dispute was an inspiration for Linux)
 criticized Linux as  out of date,  being monolithic.

The subject line of the Usenet message on comp.os.minix in which he
responded to the appearance of Linux read "LINUX is obsolete".
Obviously a balanced and moderate observation, which has
meanwhile been confirmed by history.  ;-)

   The Linux crowd,
 of course,  was so delighted to have a kernel that WORKED and that was
 UNCONSTRAINED  (MINIX is not GPL)

Actually, GPL wasn't the issue.
The issue was that MINIX had a license that, although fairly open
and permissive for its time, did not allow redistribution, so
management of the various third-party changes that Andy wouldn't
integrate into the main product because they didn't help the primary
function that he developed MINIX for (teaching) became a royal pain,
with all sorts of patch sets that one needed to apply to the base
source that one bought from Prentice Hall.
Some years ago, Andy finally managed to get P-H to re-license the
whole thing under a plain, simple BSD style license.  Had he done
that ten years earlier, things might have gone differently.

  that they did not let this deter them.
 (HURD was unheard of and Mach remains mockingly daunting.)

Actually, HURD was not unheard of, it just had been in the
mythical state for some years, and Linus made explicit
reference to its development status in the discussion (I think
he even mentioned that the MACH microkernel alone, not counting
the HURD or BSD Unix servers, is already way larger than the
entire (large, monolithic) Linux kernel was at the time...).
The discussion between Andy and Linus is famous and has been
retained in the archives.  Andy felt very strongly about
the micro-kernel approach, and Linus felt very strongly that
that might be a theoretically nicer design, but with existing
technology not practically feasible (yet).


--
 Willem Konynenberg [EMAIL PROTECTED]
 Konynenberg Software Engineering



Re: Modularized vs Monolithic kernel

2002-12-11 Thread David Boyes
 Mach is not a microkernel either - it's *huge*. Something like L4 is.

Depends on what you consider to be Mach. The core systems services that make
up the Mach microkernel ARE tiny -- less than 10Kloc on the Vax.  They're
just not very useful in that form -- a barebones Mach microkernel can't even
drive a terminal.

The Mach that most people deal with (ie either the NeXT version or the
version that DARPA paid for to get an ATT-free Unix implementation) is the
microkernel plus a humungous 4.3BSD personality module. *THAT* is huge.
There are several other personalities  -- there was an AIX-like one, Convex
did one, NeXTstep did some distributed memory extensions, etc -- even a
VMS-like personality. Compared to the VMS personality module, the 4.3BSD
personality is microscopic...8-)

-- db



Re: Modularized vs Monolithic kernel

2002-12-11 Thread David Boyes
 Rick Troth wrote:
  The story goes that Andrew Tanenbaum (Comp Sci professor and
  creator of MINIX,  which few can dispute was an inspiration for Linux)
  criticized Linux as  out of date,  being monolithic.
 The subject line of the Usenet message on comp.os.minix in which he
 responded to the appearance of Linux read "LINUX is obsolete".
 Obviously a balanced and moderate observation, which has
 meanwhile been confirmed by history.  ;-)

Then again, when you look at Amoeba (Tanenbaum's next bit of cool
gadgetry), he may have had a point. If you've never looked at Amoeba, check
it out. Yet more proof that Andy Tanenbaum is One Seriously Smart Dude.

Totally distributed environment: distributed memory, single system image,
distributed I/O -- his test environment was 300 nodes in 3 different
*countries* all presenting a single system image to the programmer. You
literally *didn't* know there were multiple systems involved. IMHO (and
probably rank heresy here), Amoeba is way cooler than Linux.

But, Amoeba is still an academic toy SO FAR, and Linux isn't. C'est la vie.

Andy felt very strongly about
 the micro-kernel approach, and Linus felt very strongly that
 that might be a theoretically nicer design, but with existing
 technology not practically feasible (yet).

One of the major reasons for the development of Amoeba.



Re: Datagram in reverse order

2002-12-11 Thread David Boyes
You can't, and even if you could, it's your application that is making the
faulty assumption that unsequenced packets will arrive in the order they
were sent.

Your choices are to either recode your application to switch to TCP or
recode your application to deal with packets arriving out of order. This is
the risk you take when you don't use TCP, which guarantees sequenced
arrival. All datagram transports (such as UDP) are unsequenced, and you must
expect packets to arrive out of order and code accordingly.

-- db
- Original Message -
From: Eddie Chen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 11, 2002 5:03 PM
Subject: Datagram in reverse order


Linux is sending  datagram in reverse order... How can I
 change it?

The CIP is sending back ICMP type 3 code 0D
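
The reply above says a datagram application must be coded to cope with out-of-order arrival. One way to do that, as an added example that is not code from this thread: a receive-side resequencer. The 4-byte sequence header, the `Resequencer` class and the `max_pending` bound are assumptions made for this sketch.

```python
import struct

# Assumed wire format: 32-bit big-endian sequence number, then the payload.
HEADER = struct.Struct("!I")

def pack(seq, payload):
    """Sender side: prefix each datagram with its sequence number."""
    return HEADER.pack(seq) + payload

class Resequencer:
    """Hands payloads to the application in sequence order, whatever the arrival order."""

    def __init__(self, max_pending=64):
        self.next_seq = 0               # next sequence number the application expects
        self.pending = {}               # seq -> payload, held until the gap closes
        self.max_pending = max_pending  # bound on buffered datagrams (memory cap)

    def receive(self, datagram):
        """Accept one datagram; return the payloads that are now deliverable, in order."""
        if len(datagram) < HEADER.size:
            return []                   # truncated header: drop
        (seq,) = HEADER.unpack_from(datagram)
        if seq < self.next_seq or seq in self.pending:
            return []                   # duplicate or already delivered: drop
        if seq - self.next_seq >= self.max_pending:
            return []                   # too far ahead: drop so the buffer stays bounded
        self.pending[seq] = datagram[HEADER.size:]
        ready = []
        while self.next_seq in self.pending:
            ready.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        return ready

def demo():
    # Constructed sample: four datagrams arriving in reverse order, one duplicated.
    arrivals = [pack(3, b"d"), pack(2, b"c"), pack(1, b"b"), pack(1, b"b"), pack(0, b"a")]
    rx = Resequencer()
    delivered = []
    for datagram in arrivals:
        delivered.extend(rx.receive(datagram))
    return delivered

if __name__ == "__main__":
    print(demo())
```

A datagram that never arrives stalls delivery at the gap, so a real receiver also needs a timeout or retransmission request on top of this.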




Re: Modularized vs Monolithic kernel

2002-12-11 Thread Ross Patterson
At 15:59 12/11/2002 -0600, Rick Troth wrote:

The story goes that Andrew Tanenbaum (Comp Sci professor and
creator of MINIX,  which few can dispute was an inspiration for Linux)
criticized Linux as  out of date,  being monolithic.


The O'Reilly Open Sources book published most of the exchange in an
appendix.  It's online at
http://www.oreilly.com/catalog/opensources/book/appa.html for those who
haven't seen it before (like, perhaps, ten years ago :-) )

Ross Patterson



Re: Linux-390 in South Africa

2002-12-11 Thread Mark Post
Heinrich,

Welcome to the list.  I just looked through the list of subscribers to the
mailing list, and saw people from at least 4 or 5 organizations with email
addresses ending in .za.  If you send an email to [EMAIL PROTECTED]
with a body of "review linux-390" you'll be able to find them as well.

Mark Post

-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Heinrich Venter
Sent: Wednesday, December 11, 2002 9:20 AM
To: [EMAIL PROTECTED]
Subject: Linux-390 in South Africa


Hi all

I just joined the mailing list and am busy installing Hercules on my Linux
box to emulate S/390, and to start getting my hands wet on Linux for the
mainframe.  Historically I am a sys admin so I know a fair bit about Linux,
but absolutely squat about mainframes.  We're only getting our new mainframe
in the New Year so I'm stuck with the emulator.

I would like to know if anybody that's subscribed to this list has done an
implementation in South Africa or knows of anyone in South Africa that has
done it.

I'd also appreciate it if someone can send me links to websites on
Installing MVS / OS/390 / VM/ESA / z/VM for dummies.

Tx

Heinrich Venter
Design Centre
South African Revenue Services
Tel: +27 12 452 5016
Fax: +27 12 452 5070
Cell: +27 82 652 7874
E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]



Re: mkraid failure

2002-12-11 Thread Mark Post
Ashley, Per, Mike, all,

Thanks for all the suggestions, but what finally fixed it was upgrading to a
2.4 kernel.  :(  Along with binutils, modutils, strace, gdb, ad nauseam.
The exact same /etc/raidtab file now works fine, where it didn't before.

Onward and sideward, I guess.  Thanks again for everyone's help.

Mark Post

-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Ashley Chaloner
Sent: Wednesday, December 11, 2002 5:40 AM
To: [EMAIL PROTECTED]
Subject: Re: mkraid failure


Ok, so it wasn't the chunk-size ... maybe you need some white space at the
beginning of the lines that aren't raiddev /dev/md[0-9] ?

If you only have /dev/md0 defined and /proc/mdstat shows 4 devices, then
something's gone wrong before any hardware access is done.

Apart from that, I've no idea.

Ashley.



Re: Linux-390 in South Africa

2002-12-11 Thread Heinrich Venter
Tx, will do.

Regards

Heinrich Venter
Design Centre
South African Revenue Services
Tel: +27 12 452 5016
Fax: +27 12 452 5070
Cell: +27 82 652 7874
E-mail: [EMAIL PROTECTED]

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.


-Original Message-
From: Mark Post [mailto:[EMAIL PROTECTED]]
Sent: 12 December 2002 09:01
To: [EMAIL PROTECTED]
Subject: Re: Linux-390 in South Africa

Heinrich,

Welcome to the list.  I just looked through the list of subscribers to the
mailing list, and saw people from at least 4 or 5 organizations with email
addresses ending in .za.  If you send an email to [EMAIL PROTECTED]
with a body of "review linux-390" you'll be able to find them as well.

Mark Post

-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Heinrich Venter
Sent: Wednesday, December 11, 2002 9:20 AM
To: [EMAIL PROTECTED]
Subject: Linux-390 in South Africa


Hi all

I just joined the mailing list and am busy installing Hercules on my Linux
box to emulate S/390, and to start getting my hands wet on Linux for the
mainframe.  Historically I am a sys admin so I know a fair bit about Linux,
but absolutely squat about mainframes.  We're only getting our new mainframe
in the New Year so I'm stuck with the emulator.

I would like to know if anybody that's subscribed to this list has done an
implementation in South Africa or knows of anyone in South Africa that has
done it.

I'd also appreciate it if someone can send me links to websites on
Installing MVS / OS/390 / VM/ESA / z/VM for dummies.

Tx

Heinrich Venter
Design Centre
South African Revenue Services
Tel: +27 12 452 5016
Fax: +27 12 452 5070
Cell: +27 82 652 7874
E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]



Re: IP address

2002-12-11 Thread Mark Post
José,

You should be able to share the OSA card between the two LPARs.  You should
assign a unique IP address to the Linux/390 LPAR.  You cannot share an IP
address between systems.

Mark Post

-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Rugel José
Sent: Wednesday, December 11, 2002 9:44 AM
To: [EMAIL PROTECTED]
Subject: IP address


I'm trying to bring up a LPAR (9672 rb6) with Linux.
Is there another IP address besides OSA IP, that has to be specified to
connect Linux Lpar to the LAN ?

OSA IP actually is being used by second LPAR called OS390D,  but I suppose
this can be reassigned to LINUX Lpar. Is this the correct way ?

Regards,
José Rugel C.
Telephone: 563-744  or  566-010 ext 2128
E-mail: [EMAIL PROTECTED]




*
The information contained in this e-mail is confidential and may be used
only by the individual or company to which it is addressed.
Any retention, dissemination, distribution or copying of this message is
prohibited.
The company assumes no responsibility for information, opinions or views
contained in this mail that are not related to the official business of
our company.
If you received this message in error, notify the Administrator or the
sender immediately, and delete it without viewing its contents or making
copies.
** Banco del Pacífico S.A.**

**



Re: Format DASD

2002-12-11 Thread Mark Post
What version of dasdfmt do you have?  I seem to recall there being a bug in
an earlier version like this.

Mark Post

-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Rugel José
Sent: Wednesday, December 11, 2002 3:30 PM
To: [EMAIL PROTECTED]
Subject: Format DASD


Hi,
I'm trying to format  two sharks dasd.
command at LINUX prompt is  :  dasdfmt -n 475 -b 4096 -d cdl -p
Address 475 is a model 3,   5,  and format ends ok.
Address 421 is a model upper 3, 8,  and format looks never end.

Any IDEA ?

Regards,
José Rugel C.
Telephone: 563-744  or  566-010 ext 2128
E-mail: [EMAIL PROTECTED]



