...@listserv.uark.edu] On Behalf
Of Bob Bates
Sent: Sunday, November 22, 2009 6:43 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
This may have already been checked, but be sure the correct text were included
in the last gen.
VMSECURE QCPCFG will tell
] On Behalf
Of Schuh, Richard
Sent: Monday, November 23, 2009 11:25 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
If the HCPRPx modules are included in the nucleus, your operators will be very
aware of it if the Rules Facility is not running
.
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Bob Bates
Sent: Monday, November 23, 2009 12:38 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
Granted, but were the correct texts included in the last
Now that thare's more info, that looks to me like a bug in VM:Secure.
If VM:Secure was running without error messages and was never brought down
and if it correctly resolved the rules for a user that is a member of a
security group only after it left/rejoined the same group, then that is a
bug.
.
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Ivica Brodaric
Sent: Monday, November 23, 2009 3:41 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
Now that thare's more info, that looks to me like a bug
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
That's correct, and should be investigated, but if there are any other
rules that allow this link, then
VMSECURE QRULES JHUG LINK MAINT 123
should not tell you that the LINK would be rejected via NORULE DEFAULT.
I agree
That's correct, and should be investigated, but if there are any other
rules that allow this link, then
VMSECURE QRULES JHUG LINK MAINT 123
should not tell you that the LINK would be rejected via NORULE DEFAULT.
I agree, but if it says that the link would be rejected, then it should be
We are moving towards running VM:Secure with RULES enabled as a CLOSED
security system.
Our testing isn't going as well as we hoped. We have had RULES enabled
for many years with NORULE ACCEPT in effect. We changed to NURULE REJECT
and some funny things are happening.
Anyone can issue any
REJECT :-)
Regards,
Richard Schuh
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf
Of Hughes, Jim
Sent: Friday, November 20, 2009 8:29 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Z/VM 5.4 and VM:Secure running a CLOSED security
.
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Schuh, Richard
Sent: Friday, November 20, 2009 11:48 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
In my version of the VM:Secure Reference, only GROUP, LOGON
@LISTSERV.UARK.EDU
Subject: Z/VM 5.4 and VM:Secure running a CLOSED security system
We are moving towards running VM:Secure with RULES enabled as a CLOSED
security system.
Our testing isn't going as well as we hoped. We have had RULES enabled
for many years with NORULE ACCEPT in effect. We changed
Of Imler, Steven J
Sent: Friday, November 20, 2009 1:05 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
Is the READ password ALL for MAINT 123?
JR (Steven) Imler
CA
Senior Sustaining Engineer
Tel: +1-703-708-3479
steven.im...@ca.com
From
: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf
Of Hughes, Jim
Sent: Friday, November 20, 2009 9:25 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
We really did change to NORULE REJECT and ipled the test system. NORULE REJECT
On Friday, 11/20/2009 at 11:29 EST, Hughes, Jim jim.hug...@doit.nh.gov
wrote:
We are moving towards running VM:Secure with RULES enabled as a CLOSED
security
system.
Our testing isn?t going as well as we hoped. We have had RULES enabled
for many
years with NORULE ACCEPT in effect. We
/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Schuh, Richard
Sent: Friday, November 20, 2009 1:22 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system
I agree that it is intuitive that NORULE REJECT would reject
non-directory
I may have discovered something regarding a GROUP rule.
There are also explicit and default rules for system and groups. Check them
all. The rules hierarchy is:
1. Systems rules
2. Group rules
3. User rules
4. Group default rules
5. System default rules
6. NORULE ACCEPT | REJECT in SECURITY
The rules hierarchy is:
1. Systems rules
2. Group rules
3. User rules
4. Group default rules
5. System default rules
6. NORULE ACCEPT | REJECT in SECURITY CONFIG file
NORULE record is processed only if applicable rule is not found in any o
f
the 1-5 above (in that order).
Ivica
That's
17 matches
Mail list logo