Re: Linux and z/VM Wiki
Nice work Mark! Will spend some time there.

Gerard

-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Post
Sent: Wednesday, September 16, 2009 2:21 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Linux and z/VM Wiki

Cross-posted to Linux-390, IBMVM, and IBM-Main

The idea of having a Wiki (http://dictionary.reference.com/browse/wiki) for mainframe Linux and z/VM has been floating around for some time. It was thought that having a Wiki with a fair amount of content already in it would help it reach a critical mass of usability far sooner than might otherwise happen. A fair amount of behind-the-scenes work has been done over the last couple of years to make that happen, without much success.

So, I've decided to take a different approach. With the assistance of Marist College (and Velocity Software who owns the domain name), I've put up a Wiki at http://wiki.linuxvm.org/wiki/ for people to contribute content. We'll see how things go from here to determine if it's worth keeping or not.

There are a few rules, for lack of a better term, that will apply to the Wiki, none of them particularly onerous:
1. Although technically not required, we would prefer that anyone contributing to the wiki create an account before doing so.
2. Keep things civil and professional, both in the articles themselves, as well as the discussion pages for them.
3. Keep things accurate. We expect vendor-specific information to be entered here (although we'd prefer to not have pricing details). But, any exaggerated claims, vapor ware announcements and the like are subject to summary deletion.
4. Try to keep bias to a minimum. Everyone has their favorite distribution or way of doing things. Try not to let other people's preferences in those areas be cause for any Holy Wars [TM].
5. If you don't own the copyright to something, don't add it to the wiki.
6. Use common sense in general.

I hope that people find this useful, and are willing to contribute as they are able. With any luck, it will become a valuable resource for everyone that might become involved in running Linux on System z.

Thanks,

Mark Post

--
For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: About Novell Customer center
Snipping the right parts from that suggestion and the OP made me giggle...

On Thu, Sep 17, 2009 at 1:50 AM, Scott Rohling scott.rohl...@gmail.com wrote:
> This isn't the proper forum for complaints like this - nor is it the proper language to get a constructive response. Call Novell.
>
> On Wed, Sep 16, 2009 at 5:45 PM, And Get Involved sunny...@wcb.ab.ca wrote:
>> And when you make a call, mostly I am bounced into someone voicemail.

PS Sunny, I think you took the instructions for subscribing to the list a bit too literal (unless your real name is what Listserv thinks it is...)

Rob
intrusion detection on the zLinux Platform
Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform? We have hit a road block in that Symantec does not support the mainframe Linux. Right now they want us to route our syslogs to a windows box or Blade server($$$) to capture any data, and we do not like it.

James Chaplin
Systems Programmer, MVS, zVM zLinux
Base Technologies, Inc
Supporting the zSeries Platform Team
Re: intrusion detection on the zLinux Platform
On Thursday 17 September 2009 12:33, CHAPLIN, JAMES (CTR) wrote:
> Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform? We have hit a road block in that Symantec does not support the mainframe Linux. Right now they want us to route our syslogs to a windows box or Blade server($$$) to capture any data, and we do not like it.

I haven't tried this on zLinux because all our mainframes are far from the public, but I use DenyHosts on all my Linux boxes with an external IP address:

    http://sourceforge.net/projects/denyhosts/

It's in Python, so it will run on s390x. It's pretty simple-minded: just blocks hosts with too many SSH login failures. I don't know if it covers other sorts of intrusion attempts or not.

What sort of intrusions are you trying to prevent? SSH? IMAP? Port scans? Everything?

I haven't tried any of the following, but these packages might help:

    PortSentry: http://www.psionic.com/abacus/portsentry/
    LogCheck: http://www.psionic.com/abacus/logcheck/

There's also LIDS (http://www.lids.org/), but that's a kernel modification and probably overkill. And if you want to find out what happened after you've been compromised, there's the venerable TripWire (http://www.tripwire.org/).

- MacK.
-
Edmund R. MacKenty
Software Architect
Rocket Software
275 Grove Street · Newton, MA 02466-2272 · USA
Tel: +1.617.614.4321
Email: m...@rs.com
Web: www.rocketsoftware.com
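As an added illustration of the "too many SSH login failures" idea in the message above (not part of the original post and not DenyHosts' own code), this Python sketch counts failed logins per source host in constructed sshd syslog lines and formats TCP-wrappers deny entries. The function names, the threshold of 3 and the reset on a successful login are assumptions of the sketch.

```python
import re
from collections import Counter

# Constructed sample of sshd syslog lines (documentation-range addresses).
SAMPLE_LOG = """\
Sep 17 12:01:02 zlnx01 sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 17 12:01:05 zlnx01 sshd[4103]: Failed password for invalid user oracle from 203.0.113.7 port 40115 ssh2
Sep 17 12:01:09 zlnx01 sshd[4105]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.7 port 40120 ssh2
Sep 17 12:02:30 zlnx01 sshd[4110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Sep 17 12:02:41 zlnx01 sshd[4112]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
Sep 17 12:04:00 zlnx01 sshd[4130]: Failed password for root from 192.0.2.55 port 33000 ssh2
Sep 17 12:04:10 zlnx01 CRON[4140]: (root) CMD (run-parts /etc/cron.hourly)
"""

# The user name is chosen by the remote client, so the host is read from the
# fixed tail of the line: greedy (.*) makes "host" follow the LAST " from ".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<kind>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>.*) from (?P<host>\S+) port \d+ ssh2$"
)

def hosts_to_block(log_text, threshold=3, allowed=()):
    """Return hosts with at least `threshold` failures since their last success."""
    failures = Counter()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue                      # not an sshd password event
        host = m.group("host")
        if m.group("kind") == "Accepted":
            failures.pop(host, None)      # assumption: a good login resets the count
        elif host not in allowed:         # never count hosts on the allow list
            failures[host] += 1
    return sorted(h for h, n in failures.items() if n >= threshold)

def hosts_deny_lines(hosts):
    """Format entries in TCP-wrappers hosts.deny syntax for the sshd service."""
    return ["sshd: %s" % h for h in hosts]

if __name__ == "__main__":
    for entry in hosts_deny_lines(hosts_to_block(SAMPLE_LOG)):
        print(entry)
```
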
Re: intrusion detection on the zLinux Platform
CHAPLIN, JAMES (CTR) wrote:
> Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform? We have hit a road block in that Symantec does not support the mainframe Linux. Right now they want us to route our syslogs to a windows box or Blade server($$$) to capture any data, and we do not like it.

There is a world of open source security tools out there. Look at Snort. http://www.snort.org/

--
Jack J. Woehr            # «'I know what it means well enough, when I find
http://www.well.com/~jax # a thing,' said the Duck: 'it's generally a frog or
http://www.softwoehr.com # a worm.'» - Lewis Carroll, _Alice in Wonderland_
Re: intrusion detection on the zLinux Platform
There are several options. Drop me a note off list.

> Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform? We have hit a road block in that Symantec does not support the mainframe Linux. Right now they want us to route our syslogs to a windows box or Blade server($$$) to capture any data, and we do not like it.
>
> James Chaplin
> Systems Programmer, MVS, zVM zLinux
> Base Technologies, Inc
> Supporting the zSeries Platform Team
Re: intrusion detection on the zLinux Platform
Can I work on question 3 now? 8-) I've reworded my question and have reposted it to the listserve group. I'm even more curious now as to why it was added as an option (CLEAR_TDisk) to VM. No reply necessary, just sharing.

Steve

-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of David Boyes
Sent: Thursday, September 17, 2009 1:30 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: intrusion detection on the zLinux Platform

There are several options. Drop me a note off list.

> Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform? We have hit a road block in that Symantec does not support the mainframe Linux. Right now they want us to route our syslogs to a windows box or Blade server($$$) to capture any data, and we do not like it.
>
> James Chaplin
> Systems Programmer, MVS, zVM zLinux
> Base Technologies, Inc
> Supporting the zSeries Platform Team
Re: intrusion detection on the zLinux Platform
On 9/17/2009 at 12:33 PM, CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote:
> Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform?

If you're running SLES, aide comes with the distribution. It's a Tripwire-like tool that will track modifications of files, etc.

Mark Post
Re: intrusion detection on the zLinux Platform
Not sure if this is what you're looking for but try http://www.intellinx-sw.com/

On 9/17/2009 at 12:33 PM, CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote:
> Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform?
Denver SHARE Presentations on linuxvm.org - Three More
Cross-posted to Linux-390, IBMVM, and IBM-MAIN

I've received three more Linux and z/VM presentations. Thanks to all the speakers that have contributed.

Session  Presenter    Title
9137     Rick Barlow  Virtual Linux Server Disaster Recovery Planning
9153     Rick Barlow  z/VM Goody Bag
9213     Rick Barlow  Linux Servers on System z: Benefits and Features of Virtualization in the Enterprise Data Center

http://linuxvm.org/Present/#share113

Mark Post
Re: intrusion detection on the zLinux Platform
There are some big differences. Centralized collection and administration. Separation of duties. Single product for the whole org. I emailed James offlist since we are pursuing the same product.

But if you don't have those compliance requirements, then aide could work for you (although I spent a little time with it and couldn't get it to notice my changes - but that could have just been me :)

Marcy

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Mark Post
Sent: Thursday, September 17, 2009 1:45 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: [LINUX-390] intrusion detection on the zLinux Platform

On 9/17/2009 at 12:33 PM, CHAPLIN, JAMES (CTR) james.chap...@associates.dhs.gov wrote:
> Is there a host based intrusion detection agent like Symantec's CSP for the s390x platform?

If you're running SLES, aide comes with the distribution. It's a Tripwire-like tool that will track modifications of files, etc.

Mark Post