Re: Symantec Endpoint Protection (SEP) for installation on zLinux?

2015-09-09 Thread Philipp Kern

On 2015-09-08 19:03, CHAPLIN, JAMES (CTR) wrote:

> Here the sad ending to this problem, our management has decided that
> since Symantec or anyone else actively supports an AV Agent for Linux
> on the z Platform (s390x), they are moving all Linux based application
> off the mainframe to distributive servers by the end of October... Any
> good job openings out there ;-(, I am hitting the pavement, future
> here not good.


The irony is that - given your email domain - you are working for the
government and any threat to the service is very likely not to be
discovered by AV anyway. Moving back to x86 will increase the attack
surface because standard exploit code is working on the target platform
and doesn't need to be rewritten/retargeted for the System z CPU
architecture. Plus it's incredibly unlikely that they would have a
signature for exploits on System z. (Apart from the fact that they
likely have very few signatures for Linux anyway.)

Yes, they say it's behavioral. I have yet to see a solution there that
works.

Kind regards
Philipp Kern

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/


Re: Symantec Endpoint Protection (SEP) for installation on zLinux?

2015-09-09 Thread CHAPLIN, JAMES (CTR)
I so much agree with you on this! Real logic does not apply, it's called 
government.

James Chaplin, ITIL® v3 Foundation
Systems Programmer, MVS, zVM & zLinux 

-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Philipp 
Kern
Sent: Wednesday, September 09, 2015 3:56 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Symantec Endpoint Protection (SEP) for installation on zLinux?

On 2015-09-08 19:03, CHAPLIN, JAMES (CTR) wrote:
> Here the sad ending to this problem, our management has decided that 
> since Symantec or anyone else actively supports an AV Agent for Linux 
> on the z Platform (s390x), they are moving all Linux based application 
> off the mainframe to distributive servers by the end of October... Any 
> good job openings out there ;-(, I am hitting the pavement, future 
> here not good.

The irony is that - given your email domain - you are working for the 
government and any threat to the service is very likely not to be discovered by 
AV anyway. Moving back to x86 will increase the attack surface because standard 
exploit code is working on the target platform and doesn't need to be 
rewritten/retargeted for the System z CPU architecture. Plus it's incredibly 
unlikely that they would have a signature for exploits on System z. (Apart from 
the fact that they likely have very few signatures for Linux anyway.)

Yes, they say it's behavioral. I have yet to see a solution there that works.

Kind regards
Philipp Kern



Re: Symantec Endpoint Protection (SEP) for installation on zLinux?

2015-09-09 Thread Kurt Acker
If agencies are allowed to talk to one another, finding out why Linux on z 
works for folks like this org might be helpful?
http://www.disa.mil/Computing/Mainframe-Hosting/IBM-LINUX

Best Regards,

Kurt Acker 
IBM Smarter Planet, Smarter Data Centers 
Virtualization and Enterprise System Management Technologies




Re: Bug in cmsfs-fuse?

2015-09-09 Thread Michael Holzheu
Hello Mike,

Thanks for your detailed report.

The CMS file system stores time stamps in local time. The cmsfs-fuse
file system has to report time in UTC to the Linux VFS layer. Therefore
local time has to be converted to UTC for reading and UTC to local time
for writing. IMO this is currently done incorrectly.

In case you are interested, we can provide the corresponding s390-tools patch.

Regards,
Michael

On Fri, 4 Sep 2015 11:18:19 -0400
Michael MacIsaac wrote:

> Cross-posted to IBMVM and linux-390
>
> Is this a bug in cmsfs-fuse?  It looks like the timestamp of a file created
> on Linux is an hour ahead - note 12:03:12 vs. 11:03:12 below:
>
> On VM:
> -) Link and access a CMS filesystem (THEVIRTM 1191) as F from VM
> -) Create a file with a timestamp:
> ==> pipe cp query time |> thetime fromvm f
> Ready; T=0.01/0.01 10:59:28
> ==> rel f (det
> DASD 1191 DETACHED
>
> On a Linux running on the VM with the CMS disk:
> # vmcp link thevirtm 1191 1191 mr
> # chccwdev -e 1191
> Setting device 0.0.1191 online
> Done
> # lsdasd | grep 1191
> 0.0.1191   active  dasde 94:16   ECKD  4096   70MB  18000
> # mkdir /srv/CMSdisk
> # cmsfs-fuse -a /dev/dasde /srv/CMSdisk
> # date > /srv/CMSdisk/thetime.onlinux
> # fusermount -u /srv/CMSdisk/
> # chccwdev -d 1191
> Setting device 0.0.1191 offline
> Done
> # vmcp DETACH 1191
> DASD 1191 DETACHED
>
> Back on VM:
> ==> vmlink thevirtm 1191
> ==> filel * * z
>   THETIME  ONLINUX  Z1 V 28  1  1  9/04/15 12:03:12
>   THETIME  FROMVM   Z1 V 54  2  1  9/04/15 10:59:28
> ==> type THETIME  FROMVM   Z
>
> TIME IS 10:59:28 EDT FRIDAY 09/04/15
> CONNECT= 00:06:13 VIRTCPU= 000:00.00 TOTCPU= 000:00.01
>
> ==> type THETIME  ONLINUX  Z
>
> Fri Sep  4 11:03:12 EDT 2015
>
> -Mike M
>
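
The local-time/UTC conversion described in the reply above, as an added example that is not part of the thread and is not the s390-tools code or patch. It shows one general way a one-hour skew can arise when a local wall-clock stamp is converted without regard to daylight saving time, the kind of skew that matters when file times feed an audit or forensic timeline; it does not claim to identify the actual cmsfs-fuse defect. The function names and the US Eastern zone rule are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Constructed POSIX zone rule for US Eastern time, so no tzdata lookup is needed. */
#define SAMPLE_TZ "EST5EDT,M3.2.0,M11.1.0"

static void use_sample_tz(void)
{
    setenv("TZ", SAMPLE_TZ, 1);
    tzset();
}

/* Read path: local wall-clock stamp from disk -> UTC seconds for the VFS.
 * isdst = -1 lets the C library decide whether DST applied at that moment;
 * isdst = 0 forces standard time, which is wrong for a summer timestamp. */
time_t local_to_utc(int y, int mo, int d, int h, int mi, int s, int isdst)
{
    struct tm tm = {0};
    use_sample_tz();
    tm.tm_year = y - 1900; tm.tm_mon = mo - 1; tm.tm_mday = d;
    tm.tm_hour = h; tm.tm_min = mi; tm.tm_sec = s;
    tm.tm_isdst = isdst;
    return mktime(&tm);
}

/* Write path: UTC seconds from the VFS -> local hour to store on disk. */
int utc_to_local_hour(time_t utc)
{
    struct tm tm;
    use_sample_tz();
    localtime_r(&utc, &tm);
    return tm.tm_hour;
}

int main(void)
{
    time_t good = local_to_utc(2015, 9, 4, 11, 3, 12, -1);
    time_t bad  = local_to_utc(2015, 9, 4, 11, 3, 12, 0);
    printf("DST-aware: %ld  forced-standard: %ld  skew: %lds\n", (long)good, (long)bad, (long)(bad - good));
    printf("round-trip hour: %d  skewed hour: %d\n", utc_to_local_hour(good), utc_to_local_hour(bad));
    return 0;
}
```

A round trip through the DST-aware read path and the write path returns the original hour; the forced-standard-time conversion lands one hour later.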
