Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-23 Thread Schuh, Richard
...@listserv.uark.edu] On Behalf Of Bob Bates Sent: Sunday, November 22, 2009 6:43 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system This may have already been checked, but be sure the correct texts were included in the last gen. VMSECURE QCPCFG will tell

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-23 Thread Bob Bates
] On Behalf Of Schuh, Richard Sent: Monday, November 23, 2009 11:25 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system If the HCPRPx modules are included in the nucleus, your operators will be very aware of it if the Rules Facility is not running

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-23 Thread Hughes, Jim
. From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Bob Bates Sent: Monday, November 23, 2009 12:38 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system Granted, but were the correct texts included in the last

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-23 Thread Ivica Brodaric
Now that there's more info, that looks to me like a bug in VM:Secure. If VM:Secure was running without error messages and was never brought down and if it correctly resolved the rules for a user that is a member of a security group only after it left/rejoined the same group, then that is a bug.

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-23 Thread Hughes, Jim
. From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Ivica Brodaric Sent: Monday, November 23, 2009 3:41 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system Now that there's more info, that looks to me like a bug

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-22 Thread Bob Bates
Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system That's correct, and should be investigated, but if there are any other rules that allow this link, then VMSECURE QRULES JHUG LINK MAINT 123 should not tell you that the LINK would be rejected via NORULE DEFAULT. I agree

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-21 Thread Ivica Brodaric
That's correct, and should be investigated, but if there are any other rules that allow this link, then VMSECURE QRULES JHUG LINK MAINT 123 should not tell you that the LINK would be rejected via NORULE DEFAULT. I agree, but if it says that the link would be rejected, then it should be

Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Hughes, Jim
We are moving towards running VM:Secure with RULES enabled as a CLOSED security system. Our testing isn't going as well as we hoped. We have had RULES enabled for many years with NORULE ACCEPT in effect. We changed to NURULE REJECT and some funny things are happening. Anyone can issue any

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Schuh, Richard
REJECT :-) Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Hughes, Jim Sent: Friday, November 20, 2009 8:29 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Z/VM 5.4 and VM:Secure running a CLOSED security

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Hughes, Jim
. From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard Sent: Friday, November 20, 2009 11:48 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system In my version of the VM:Secure Reference, only GROUP, LOGON

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Imler, Steven J
@LISTSERV.UARK.EDU Subject: Z/VM 5.4 and VM:Secure running a CLOSED security system We are moving towards running VM:Secure with RULES enabled as a CLOSED security system. Our testing isn't going as well as we hoped. We have had RULES enabled for many years with NORULE ACCEPT in effect. We changed

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Hughes, Jim
Of Imler, Steven J Sent: Friday, November 20, 2009 1:05 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system Is the READ password ALL for MAINT 123? JR (Steven) Imler CA Senior Sustaining Engineer Tel: +1-703-708-3479 steven.im...@ca.com From

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Schuh, Richard
: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Hughes, Jim Sent: Friday, November 20, 2009 9:25 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system We really did change to NORULE REJECT and ipled the test system. NORULE REJECT

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Alan Altmark
On Friday, 11/20/2009 at 11:29 EST, Hughes, Jim jim.hug...@doit.nh.gov wrote: We are moving towards running VM:Secure with RULES enabled as a CLOSED security system. Our testing isn't going as well as we hoped. We have had RULES enabled for many years with NORULE ACCEPT in effect. We

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Hughes, Jim
/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Schuh, Richard Sent: Friday, November 20, 2009 1:22 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Z/VM 5.4 and VM:Secure running a CLOSED security system I agree that it is intuitive that NORULE REJECT would reject non-directory

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Ivica Brodaric
I may have discovered something regarding a GROUP rule. There are also explicit and default rules for system and groups. Check them all. The rules hierarchy is: 1. Systems rules 2. Group rules 3. User rules 4. Group default rules 5. System default rules 6. NORULE ACCEPT | REJECT in SECURITY

Re: Z/VM 5.4 and VM:Secure running a CLOSED security system

2009-11-20 Thread Alan Ackerman
The rules hierarchy is: 1. Systems rules 2. Group rules 3. User rules 4. Group default rules 5. System default rules 6. NORULE ACCEPT | REJECT in SECURITY CONFIG file NORULE record is processed only if applicable rule is not found in any of the 1-5 above (in that order). Ivica That's