Security Publications
7 new or updated documents on Linux security can be found at: http://www-124.ibm.com/linux/pubs/?topic_id=5 Linux security solutions for businesses on IBM eServer xSeries (Apr 2004) Published May 2003. The State of Linux Security (Apr 2004) Written by Doc Shankar. Presented at LinxuWorld Conference and Expo in the Fall of 2003. Updated in April 2004. Linux on zSeries Security White Paper (Apr 2004) Written by Ingolf Salm and Peter Spera. Published March 2004. Choosing Secure Platforms in the Enterprise (Apr 2004) Comparing Linux and Windows security head-to-head. Written by the Robert Francis Group, Inc. Certifying Open Source - The Linux Experience (Apr 2004) Presented at a IEEE conference in 2003. SELinux Thoughts/Direction (Apr 2004) Presented by Doc Shankar and Trent Jaeger at LinuxWorld Conference and Expo 2004 New York in January 2004. Evaluating and Certifying Open Source - The Linux Experience (Apr 2004) Presented by Doc Shankar (IBM) and Helmut Kurth (atsec information security GmbH) at the ICCC 2003 conference. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Migrating Linux LPAR to another processor
Which was all I was saying. I was just responding to the "you might want to do this" aspect. It is entirely optional whether you do it _before_ the move or not. Afterwards, it is mandatory, or your system won't be of much use to you. Mark Post -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Adam Thornton Sent: Monday, May 03, 2004 12:49 PM To: [EMAIL PROTECTED] Subject: Re: Migrating Linux LPAR to another processor On Mon, 2004-05-03 at 11:33, Post, Mark K wrote: > Perhaps, but it's a definite "must do" _after_ the move has been > completed. YaST would be the appropriate method to do this. Also, the > default gateway may need to be changed. Again, YaST would be the tool > to use. If you're going to use YaST, then you need the ifconfig steps first anyway. If you're happy editing the system config files that YaST reads, you could skip that and just edit them directly. But basically, I too am of the opinion that that's way too much hassle. Get the interface up via the HMC, then ssh into the box and run YaST to make your changes permanent. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Migrating Linux LPAR to another processor
On Mon, 2004-05-03 at 11:33, Post, Mark K wrote: > Perhaps, but it's a definite "must do" _after_ the move has been completed. > YaST would be the appropriate method to do this. Also, the default gateway > may need to be changed. Again, YaST would be the tool to use. If you're going to use YaST, then you need the ifconfig steps first anyway. If you're happy editing the system config files that YaST reads, you could skip that and just edit them directly. But basically, I too am of the opinion that that's way too much hassle. Get the interface up via the HMC, then ssh into the box and run YaST to make your changes permanent. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Migrating Linux LPAR to another processor
Perhaps, but it's a definite "must do" _after_ the move has been completed. YaST would be the appropriate method to do this. Also, the default gateway may need to be changed. Again, YaST would be the tool to use. Mark Post -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Adam Thornton Sent: Monday, May 03, 2004 10:34 AM To: [EMAIL PROTECTED] Subject: Re: Migrating Linux LPAR to another processor -snip- You might even want to configure your startup scripts to give the interfaces the correct (new) addresses so you don't have to mess with ifconfig, but that's likely to be more hassle than it's worth. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Linux dump formats
When someone does take a Linux dump, what do they typically use? Has lkcd become the de facto standard? I'm thinking about a VMD2LKCD utility, but would hate to invest any time in it if that was the wrong direction to be heading. -- ...phsiii Phil Smith III Linuxcare, Inc. [EMAIL PROTECTED] (703) 476-4511 (office) (703) 568-6662 (cell) -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Migrating Linux LPAR to another processor
On Mon, 2004-05-03 at 08:43, Peter E. Abresch Jr. - at Pepco wrote: > I was thinking of the following steps: [...] > 8 Drink some beer I don't see anything wrong with your plan. On the other hand, it's Monday morning so my perception isn't really up to speed yet. I would, however, suggest replicating part 8, moving it to the top, and additionally inserting copies between each additional step. You might even want to configure your startup scripts to give the interfaces the correct (new) addresses so you don't have to mess with ifconfig, but that's likely to be more hassle than it's worth. Adam -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Migrating Linux LPAR to another processor
I am running SuSE Linux SLES8 SP03 on a native IBM 9672-R26 LPAR. I must migrate this Linux LPAR to an IBM 2066-002 LPAR. Both processors are connected to the same DASD so none of the DASD addresses will change. The OSAs are physically different but still remain OSA/e 100-megabit Ethernet connections. They have the same UCBs on both processors but the IP addresses will be different. The CTCs have the same UCBs and IP addresses as well as the dummy0 interface. It is only the 2 OSA/e interfaces that must change. What will be the best method of handling this? I was thinking of the following steps: 1 Create new zebra and ospfd configuration files with the new IP addresses for the OSA/e interfaces 2 Disable the automatic startup of zebra and ospfd 3 Shutdown and deactivate the Linux LPAR on the IBM 9672-R26 4 Activate and boot the same Linux system on the IBM 2066-002 LPAR 5 From the HMC console, use the IFCONFIG command to reconfigure the ip addresses for the 2 OSA/e ethx interfaces 6 Start zebra and ospfd using the new configuration files created in step 1. 7 Enable the automatic startup of zebra and ospfd 8 Drink some beer Please provide comments, suggestions, and recommendations. Also, are there any gotchas that I do not know about. Thanks. Peter -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: 2.6 kernel and old DASD problem
> SenseID : device 0750 reports: CU Type/Mod = 3990/EC, Dev Type/Mod = > 3390/0A (for Shark) > SenseID : device 080b reports: CU Type/Mod = 3990/E9, Dev Type/Mod = > 3390/0A (for Tetragon) > SenseID : device 080c reports: CU Type/Mod = 3990/E9, Dev Type/Mod = > 3390/0A (for Tetragon) Hmm, the cu type/dev type combination is fine. The must be another reason why the dasd aren't recognized. If this system runs under z/VM could you do a "#CP CPU ALL TR IO 080B INST INT CCW RUN" and post the log? blue skies, Martin Linux/390 Design & Development, IBM Deutschland Entwicklung GmbH Schönaicherstr. 220, D-71032 Böblingen, Telefon: 49 - (0)7031 - 16-2247 E-Mail: [EMAIL PROTECTED] -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: zSeries , Linux and spin loops
Gerard, In my experience, no. VM makes no difference in the multi-CPU decision. --Jim-- James S. Tison Senior Software Engineer TPF Laboratory / Architecture IBM Corporation "If dogs don't go to heaven, then, when I die, I want to go where they do." -- Will Rogers "Ceruti, Gerard G" <[EMAIL PROTECTED]> Sent by: Linux on 390 Port <[EMAIL PROTECTED]> 05/03/2004 05:04 Please respond to Linux on 390 Port To [EMAIL PROTECTED] cc Subject zSeries , Linux and spin loops Hi People Perhaps someone can comment ,(assume for the discussion that the business application requires only ONE CP) We are looking at a zSeries Linux production setup and the discussion of how many CP are required has come up, normal rules say we should get another CP to handle possible spinloops,ensure multi processing, how does this relate to Linux, does the requirement change if we have z/VM ?. Thanks Gerard Ceruti __ For information about the Standard Bank group visit our web site __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
zSeries , Linux and spin loops
Hi People Perhaps someone can comment ,(assume for the discussion that the business application requires only ONE CP) We are looking at a zSeries Linux production setup and the discussion of how many CP are required has come up, normal rules say we should get another CP to handle possible spinloops,ensure multi processing, how does this relate to Linux, does the requirement change if we have z/VM ?. Thanks Gerard Ceruti __ For information about the Standard Bank group visit our web site __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390