Re: Does anyone use SELinux on their zLinux platforms?
One last question, I am trying to understand where the SELinux settings for a user are stored, like the User Statements with the assigned roles stored for SELinux? Same question on the defined Roles and Role Statements? Does SELinux User mapping have to be defined on each server? James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company Department of Homeland Security/U.S. Customs & Border Protection -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of George, Kevin A Sent: Friday, July 15, 2011 11:08 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? We are not currently using LDAP for any SELinux information. We use LDAP for normal Linux/unix authentication values like uid, gid, home, etc... We also have sudo using LDAP for its rules so we do not have a sudoers file in /etc and can control it from a central location. We also control which host a given ID is allowed to log on to from the LDAP. The password used is the RACF password because we have enabled the LDAP server to use RACF for password validation. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 10:53 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? Kevin, That sounds like the direction that I am currently trying to promote at our worksite. I have one question with authentication. With LDAP, are you going against RACF for the password and the user Statements with the related Roles and role statements, where are these stored? Are you able to use LDAP as the central location for these values on zOS for all Linux users and servers to access them from? We are not using LDAP, as we have CA's eTrust Top Secret at our shop on the zOS security package. We are using a different tool to retrieve user password, uid & gid from Top Secret at our shop. At this time, CA has stated that they are not supporting SELinux values, but are considering this for the future. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company Department of Homeland Security/U.S. Customs & Border Protection -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of George, Kevin A Sent: Friday, July 15, 2011 10:36 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? We are currently implementing Red Hat Linux 5.5 with SELinux enabled. We are using LDAP on z/OS for the authentication. There are some things we had to learn about SELinux before we could successfully install some products and some vendors do not help much. We install third party software with SELinux in permissive mode which, with setroubleshootd enabled, allows you to see what would cause a failure when in enforcing mode. This allows you to correct the SELinux rules so the product works correctly and gives you something to beat on the vendor with. Most products that we are using either do not require changes or have minimal changes. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 9:39 AM To: LINUX-390@VM.MARIST.EDU Subject: Does anyone use SELinux on their zLinux platforms? Does anyone have SELinux up and running as their RBAC security on a zLinux server? I am also curious to know how the have user authentication set up, are they using files (/etc/passwd) LDAP, NIS, PAM or other methods. I am on the learning curve here and would like to hear user experiences as I move forward. I welcome the good, bad and the ugly of comments on this topic. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 --
Re: SLES11 Updates
Yes, I can confirm that this is corrected. A simple zypper ref and I can
now go into YaST2 and download all the updates. Thanks everyone.
Peter
From: Mark Post
To: LINUX-390@vm.marist.edu
Date: 07/14/2011 02:28 PM
Subject:Re: SLES11 Updates
Sent by:Linux on 390 Port
>>> On 7/14/2011 at 01:02 PM, "Peter E. Abresch Jr. - at Pepco"
wrote:
> I hope that it is that simple. Any idea when the issue will be resolved?
I
I'm told that it is now fixed, so try a refresh, or if that fails a
re-registration.
Mark Post
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
This Email message and any attachment may contain information that is
proprietary, legally privileged, confidential and/or subject to copyright
belonging to Pepco Holdings, Inc. or its affiliates ("PHI"). This Email is
intended solely for the use of the person(s) to which it is addressed. If
you are not an intended recipient, or the employee or agent responsible for
delivery of this Email to the intended recipient(s), you are hereby notified
that any dissemination, distribution or copying of this Email is strictly
prohibited. If you have received this message in error, please immediately
notify the sender and permanently delete this Email and any copies. PHI
policies expressly prohibit employees from making defamatory or offensive
statements and infringing any copyright or any other legal right by Email
communication. PHI will not accept any liability in respect of such
communications.
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
Re: Will RHEL 4.6 run on z196 under z/VM
Thanks! Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Dave Jones Sent: Friday, July 15, 2011 9:17 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Will RHEL 4.6 run on z196 under z/VM Yes, it will. DJ On 07/15/2011 07:09 AM, Martin, Terry R. (CMS/CTR) (CTR) wrote: > Hi > > > > > > > > I know this was a topic not too long ago so sorry if I am redundant but > I just want to be sure of something, and that is, can I run RHEL 4.6 under > z/VM 5.4 on a z196? We have about 5 guests that we need to convert to RHEL 5 > but the application folks will not have time to convert all of the RHEL 4.6 > guests in time for the z196. > > > > I posted this on the z/VM site as well just in case. > > > > Thanks for the help it is much appreciated! > > > Thank You, > > Terry Martin > Lockheed Martin > CMS - CITIC > 3300 Lord Baltimore Drive, Suite 200, 21244 > Engineering Computing > Mainframe Support > Cell - 443 632-4191 > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- Dave Jones V/Soft Software www.vsoft-software.com Houston, TX 281.578.7544 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Does anyone use SELinux on their zLinux platforms?
We are not currently using LDAP for any SELinux information. We use LDAP for normal Linux/unix authentication values like uid, gid, home, etc... We also have sudo using LDAP for its rules so we do not have a sudoers file in /etc and can control it from a central location. We also control which host a given ID is allowed to log on to from the LDAP. The password used is the RACF password because we have enabled the LDAP server to use RACF for password validation. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 10:53 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? Kevin, That sounds like the direction that I am currently trying to promote at our worksite. I have one question with authentication. With LDAP, are you going against RACF for the password and the user Statements with the related Roles and role statements, where are these stored? Are you able to use LDAP as the central location for these values on zOS for all Linux users and servers to access them from? We are not using LDAP, as we have CA's eTrust Top Secret at our shop on the zOS security package. We are using a different tool to retrieve user password, uid & gid from Top Secret at our shop. At this time, CA has stated that they are not supporting SELinux values, but are considering this for the future. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company Department of Homeland Security/U.S. Customs & Border Protection -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of George, Kevin A Sent: Friday, July 15, 2011 10:36 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? We are currently implementing Red Hat Linux 5.5 with SELinux enabled. We are using LDAP on z/OS for the authentication. There are some things we had to learn about SELinux before we could successfully install some products and some vendors do not help much. We install third party software with SELinux in permissive mode which, with setroubleshootd enabled, allows you to see what would cause a failure when in enforcing mode. This allows you to correct the SELinux rules so the product works correctly and gives you something to beat on the vendor with. Most products that we are using either do not require changes or have minimal changes. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 9:39 AM To: LINUX-390@VM.MARIST.EDU Subject: Does anyone use SELinux on their zLinux platforms? Does anyone have SELinux up and running as their RBAC security on a zLinux server? I am also curious to know how the have user authentication set up, are they using files (/etc/passwd) LDAP, NIS, PAM or other methods. I am on the learning curve here and would like to hear user experiences as I move forward. I welcome the good, bad and the ugly of comments on this topic. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -
Re: Does anyone use SELinux on their zLinux platforms?
Kevin, That sounds like the direction that I am currently trying to promote at our worksite. I have one question with authentication. With LDAP, are you going against RACF for the password and the user Statements with the related Roles and role statements, where are these stored? Are you able to use LDAP as the central location for these values on zOS for all Linux users and servers to access them from? We are not using LDAP, as we have CA's eTrust Top Secret at our shop on the zOS security package. We are using a different tool to retrieve user password, uid & gid from Top Secret at our shop. At this time, CA has stated that they are not supporting SELinux values, but are considering this for the future. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company Department of Homeland Security/U.S. Customs & Border Protection -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of George, Kevin A Sent: Friday, July 15, 2011 10:36 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Does anyone use SELinux on their zLinux platforms? We are currently implementing Red Hat Linux 5.5 with SELinux enabled. We are using LDAP on z/OS for the authentication. There are some things we had to learn about SELinux before we could successfully install some products and some vendors do not help much. We install third party software with SELinux in permissive mode which, with setroubleshootd enabled, allows you to see what would cause a failure when in enforcing mode. This allows you to correct the SELinux rules so the product works correctly and gives you something to beat on the vendor with. Most products that we are using either do not require changes or have minimal changes. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 9:39 AM To: LINUX-390@VM.MARIST.EDU Subject: Does anyone use SELinux on their zLinux platforms? Does anyone have SELinux up and running as their RBAC security on a zLinux server? I am also curious to know how the have user authentication set up, are they using files (/etc/passwd) LDAP, NIS, PAM or other methods. I am on the learning curve here and would like to hear user experiences as I move forward. I welcome the good, bad and the ugly of comments on this topic. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Does anyone use SELinux on their zLinux platforms?
We are currently implementing RedHat Linux 5.5 with SELinux enabled. We are using LDAP on z/OS for the authentication. There are some things we had to learn about SELinux before we could successfully install some products and some vendors do not help much. We install third party software with SELinux in permissive mode which, with setroubleshootd enabled, allows you to see what would cause a failure when in enforcing mode. This allows you to correct the SELinux rules so the product works correctly and gives you something to beat on the vendor with. Most products that we are using either do not require changes or have minimal changes. Kevin George Compuware / U.S. Office of Personnel Management -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of CHAPLIN, JAMES (CTR) Sent: Friday, July 15, 2011 9:39 AM To: LINUX-390@VM.MARIST.EDU Subject: Does anyone use SELinux on their zLinux platforms? Does anyone have SELinux up and running as their RBAC security on a zLinux server? I am also curious to know how the have user authentication set up, are they using files (/etc/passwd) LDAP, NIS, PAM or other methods. I am on the learning curve here and would like to hear user experiences as I move forward. I welcome the good, bad and the ugly of comments on this topic. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Does anyone use SELinux on their zLinux platforms?
Does anyone have SELinux up and running as their RBAC security on a zLinux server? I am also curious to know how the have user authentication set up, are they using files (/etc/passwd) LDAP, NIS, PAM or other methods. I am on the learning curve here and would like to hear user experiences as I move forward. I welcome the good, bad and the ugly of comments on this topic. James Chaplin Systems Programmer, MVS, zVM & zLinux Base Technologies, a CA Technologies Company -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Will RHEL 4.6 run on z196 under z/VM
Yes, it will. DJ On 07/15/2011 07:09 AM, Martin, Terry R. (CMS/CTR) (CTR) wrote: > Hi > > > > > > > > I know this was a topic not too long ago so sorry if I am redundant but > I just want to be sure of something, and that is, can I run RHEL 4.6 under > z/VM 5.4 on a z196? We have about 5 guests that we need to convert to RHEL 5 > but the application folks will not have time to convert all of the RHEL 4.6 > guests in time for the z196. > > > > I posted this on the z/VM site as well just in case. > > > > Thanks for the help it is much appreciated! > > > Thank You, > > Terry Martin > Lockheed Martin > CMS - CITIC > 3300 Lord Baltimore Drive, Suite 200, 21244 > Engineering Computing > Mainframe Support > Cell - 443 632-4191 > > > > -- > For LINUX-390 subscribe / signoff / archive access instructions, > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit > http://www.marist.edu/htbin/wlvindex?LINUX-390 > -- > For more information on Linux on System z, visit > http://wiki.linuxvm.org/ > -- Dave Jones V/Soft Software www.vsoft-software.com Houston, TX 281.578.7544 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Will RHEL 4.6 run on z196 under z/VM
Hi I know this was a topic not too long ago so sorry if I am redundant but I just want to be sure of something, and that is, can I run RHEL 4.6 under z/VM 5.4 on a z196? We have about 5 guests that we need to convert to RHEL 5 but the application folks will not have time to convert all of the RHEL 4.6 guests in time for the z196. I posted this on the z/VM site as well just in case. Thanks for the help it is much appreciated! Thank You, Terry Martin Lockheed Martin CMS - CITIC 3300 Lord Baltimore Drive, Suite 200, 21244 Engineering Computing Mainframe Support Cell - 443 632-4191 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
