Pervasive Encryption for Data Volumes
It's a good time to pervasively encrypt with Linux!
A new Linux publication from IBM describes an infrastructure for protected
volume encryption, which provides end-to-end protection for data at rest
for Linux on IBM Z and LinuxONE.
Read it here:
IBM Kn
On Tue, 17 Dec 2002, Matt Zimmerman wrote:
> On Tue, Dec 17, 2002 at 04:08:26PM +0100, Susanne Oberhauser wrote:
>
> > Nevertheless would you agree with me that for systems claiming to run on
> > *Linux*, relying on the existence of a user 'root' should be ok? This
> > would allow portable softwa
On Tue, Dec 17, 2002 at 04:08:26PM +0100, Susanne Oberhauser wrote:
> Nevertheless would you agree with me that for systems claiming to run on
> *Linux*, relying on the existence of a user 'root' should be ok? This
> would allow portable software to have just *one* platform specific backend
> for
On Tue, 2002-12-17 at 15:08, Susanne Oberhauser wrote:
> Nevertheless would you agree with me that for systems claiming to run
> on *Linux*, relying on the existence of a user 'root' should be ok?
> This would allow portable software to have just *one* platform
> specific backend for *all* flavors
Matt Zimmerman <[EMAIL PROTECTED]> writes:
> On Mon, Dec 16, 2002 at 05:08:54PM +0100, Susanne Oberhauser wrote:
>
> > Sergey Korzhevsky <[EMAIL PROTECTED]> writes:
> >
> > > Could you explain me, please, what is the reason to remove 'root'
> > > name from a system?
> >
> > there is none --- to th
On Mon, 16 Dec 2002, Sergey Korzhevsky wrote:
> It is all right, but when I asked this question, I mean for security. Does
> it improve security?
Not nearly as much as having a decent password.
--
Cheers
John.
Join the "Linux Support by Small Businesses" list at
http://mail.computerdatasafe
On Mon, Dec 16, 2002 at 05:08:54PM +0100, Susanne Oberhauser wrote:
> Sergey Korzhevsky <[EMAIL PROTECTED]> writes:
>
> > Could you explain me, please, what is the reason to remove 'root'
> > name from a system?
>
> there is none --- to the contrary doing so is Evil (tm) for LSB
> compliant distri
Sergey Korzhevsky <[EMAIL PROTECTED]> writes:
> Hi
>
> Could you explain me, please, what is the reason to remove 'root'
> name from a system?
there is none --- to the contrary doing so is Evil (tm) for LSB
compliant distributions.
From http://www.linuxbase.org/spec/gLSB/gLSB/usernames.html:
]
cc:
Subject: Re: LINUX & Security
On Mon, 2002-12-16 at 14:53, Daniel Jarboe wrote:
> So what about names like /etc, /mnt, /var, /bin, /proc, which
> probably don't translate well either. And commands (ls, mv, cp), and
> file names (/etc/shadow, /et
On Mon, 2002-12-16 at 14:53, Daniel Jarboe wrote:
> So what about names like /etc, /mnt, /var, /bin, /proc, which
> probably don't translate well either. And commands (ls, mv, cp), and
> file names (/etc/shadow, /etc/fstab). Where does one draw the line?
Wherever you like. Note that for fil
Alan Cox wrote:
> On Mon, 2002-12-16 at 11:04, Sergey Korzhevsky wrote:
> > Could you explain me, please, what is the reason to remove
> > 'root' name from a system?
>
> In many languages the letter sequence "root" is meaningless,
> or even not
> in their default characters.
>
So what about names
On Mon, 2002-12-16 at 11:04, Sergey Korzhevsky wrote:
> Hi
>
> Could you explain me, please, what is the reason to remove 'root' name
> from a system?
In many languages the letter sequence "root" is meaningless, or even not
in their default characters.
Hi
Could you explain me, please, what is the reason to remove 'root' name
from a system?
Local user can read /etc/passwd and find out who is really root, so it is
not save us.
For remote logins we can disable root. Is this not enough?
Thank you.
WBR, Sergey
On Thu, 12 Dec 2002, Matt Zimmerman wrote:
> On Thu, Dec 12, 2002 at 04:53:54PM -0500, Matt Zimmerman wrote:
>
> > Bug
>
> Bug #172831, that is.
Thanks Matt.
One of the things I like about Debian is the ability to report bugs by
email.
I've not yet tried reporting a bug offline, but I have hope
From: James Melin <[EMAIL PROTECTED]epin.mn.us>
To: [EMAIL PROTECTED]
cc:
Sent by: Linux on
Subject: Re: [LINUX-390] LINUX & Security
On Thu, Dec 12, 2002 at 04:53:54PM -0500, Matt Zimmerman wrote:
> Bug
Bug #172831, that is.
--
- mdz
On Fri, Dec 13, 2002 at 05:25:52AM +0800, John Summerfield wrote:
> On Thu, 12 Dec 2002, Matt Zimmerman wrote:
> > Please report a bug against that package, or tell me where you saw this and
> > I will report the bug.
>
> The script is su-to-root, the package menu.
Bug
> I'd certainly not bet th
On Thu, 12 Dec 2002, Matt Zimmerman wrote:
> On Thu, Dec 12, 2002 at 10:18:07AM +0800, John Summerfield wrote:
>
> > However, don't suppose that not having a root account called root is
> > something you would want to do.
>
> It would earn you dirty looks from wizened UNIX folk, but should be
> su
On Thu, Dec 12, 2002 at 10:18:07AM +0800, John Summerfield wrote:
> However, don't suppose that not having a root account called root is
> something you would want to do.
It would earn you dirty looks from wizened UNIX folk, but should be
supported.
> Just a couple of hours ago I was looking at
On Thu, 2002-12-12 at 02:18, John Summerfield wrote:
> However, don't suppose that not having a root account called root is something
> you would want to do.
>
> Just a couple of hours ago I was looking at a Debian script that assumes "id -u
> -n" returns root for UID=0.
I've run RH boxes without "
On Wed, 11 Dec 2002 23:42, you wrote:
> On Wed, 2002-12-11 at 13:02, Carlos Ordonez wrote:
> > Vince, I guess my question is, if I have 50 linux images running under VM
> > and each of them have a root user, can I have a different password for
> > each of them? Carlos :-)
>
> You don't have to call
daemons patched up to the minute.
M Katz
RAE Internet
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of
Jere Julian
Sent: Wednesday, December 11, 2002 11:24 AM
To: [EMAIL PROTECTED]
Subject: Re: LINUX & Security
While there are exceptions to every rule i
While there are exceptions to every rule it is VERY BAD form to use the
root account for much of anything! It's just too dangerous. The
current best practice is to disable logins as root. First root should
never login over a network and probably should be locked completely.
what one should do in
At 23:20 10-12-02, Re, Vincent wrote:
>If you're asking whether you can have multiple user IDs with UID=0, then
>the answer is yes.
We tried this because I thought it would be nice to automatically logon the account
'Operator' on the console and let it have uid=0, but be able to separate from 'r
On Wed, 2002-12-11 at 13:02, Carlos Ordonez wrote:
> Vince, I guess my question is, if I have 50 linux images running under VM
> and each of them have a root user, can I have a different password for each
> of them? Carlos :-)
You don't have to call your uid 0 root either btw. Unix cares about uid
Does it work with Top Secret on z/OS 1.4 ?
-Original Message-
From: Re, Vincent [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 10, 2002 3:32 PM
To: [EMAIL PROTECTED]
Subject:Re: LINUX & Security
The short answer is that yes, we're committed to including P
On Wed, 11 Dec 2002, Ihno Krumreich wrote:
>
> I hope my understanding of the terms is right..
> For me accounting is to find out WHO has used a resource how much (to write bills).
> systat does not provide this information. systat just tells you
> how much a resource has been used at a given time.
> if I have 50 linux images running under VM and
> each of them have a root user, can I have a different
> password for each of them?
There are lots of options here, depending on exactly what you're trying
to achieve. Personally (as one who hates to remember different
passwords), I would rather
On Wed, Dec 11, 2002 at 08:02:49AM -0500, Carlos Ordonez wrote:
> Vince, I guess my question is, if I have 50 linux images running under VM
> and each of them have a root user, can I have a different password for each
> of them? Carlos :-)
>
Every image is a complete linux system independent of ot
On Tue, 10 Dec 2002 15:06:39 -0500 David Boyes said:
>> If you are an ACF2 (or CA-Top Secret) customer, then we have an
>> open-source PAM plug-in that lets you authenticate directly
>> against ACF2
>> or Top Secret. The client side (the part that runs on Linux) is
>> available in source code or pr
Thanks to everyone !!
Joe
>>> [EMAIL PROTECTED] 12/10/02 06:11PM >>>
On Wednesday 11 December 2002 04:42 am, you wrote:
> Hello, we have just started to research SUSE Linux under z/VM, and I've
> been asked these questions:
>
> - Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM
On Wednesday 11 December 2002 04:42 am, you wrote:
> Hello, we have just started to research SUSE Linux under z/VM, and I've
> been asked these questions:
>
> - Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM
> environment ? If not, how is security handled ?
>
> - Are there any
On Wed, Dec 11, 2002 at 05:33:02AM +0800, John Summerfield wrote:
> On Tue, 10 Dec 2002, A. Harry Williams wrote:
>
> > >> - Are there any types of "SMF" records cut to record access
> > >> or violations to resources in a Linux z/VM environment ?
>
> I don't know of a way to detect accesses to data
> Vince, can you have multiple root ids and passwords? Carlos :-)
If you're asking whether you can have multiple user IDs with UID=0, then
the answer is yes. UID/GID, shell program and home directory all come
from the PAM server (ACF2, Top Secret, etc.), and there's no reason you
couldn't have mul
Tuesday, December 10, 2002 11:31 AM
> To: [EMAIL PROTECTED]
> Subject: Re: LINUX & Security
>
> Although I'm not deep enough into the process to be dangerous, you
> might want to look at the z/OS LDAP server. Check the Redbook
> "Securing Linux for zSeries
On Tue, 10 Dec 2002, A. Harry Williams wrote:
> >> - Are there any types of "SMF" records cut to record access
> >> or violations to resources in a Linux z/VM environment ?
I don't know of a way to detect accesses to datasets a user shouldn't be
accessing. An ordinary user can't read /etc/shadow,
Poole
> Reply To: Linux on 390 Port
> Sent: Tuesday, December 10, 2002 11:31 AM
> To: [EMAIL PROTECTED]
> Subject: Re: LINUX & Security
>
> Although I'm not deep enough into the process to be dangerous, you
> might want to look at the z/OS LDAP ser
> Is this a proprietary solution?
The client side (the PAM plug-in that runs on Linux) is open-source. In
the example we talked about below, the *server* - which is an integrated
feature of our ACF2 (or our other security products) - is proprietary,
but there's no reason that IBM (or anyone else)
our eTrust Access Control product, which
runs on Windows, Linux (mainframe and Intel) and a number of UNIX
platforms.
Vince Re
Computer Associates
-Original Message-
From: David Boyes [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 10, 2002 3:07 PM
To: [EMAIL PROTECTED]
Subject:
olution be faster?
Chuck Gowans
USDA - Nat'l IT Center
-Original Message-
From: Re, Vincent [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 10, 2002 1:49 PM
To: [EMAIL PROTECTED]
Subject: Re: LINUX & Security
If you are an ACF2 (or CA-Top Secret) customer, then we have an
o
If you
> If you are an ACF2 (or CA-Top Secret) customer, then we have an
> open-source PAM plug-in that lets you authenticate directly
> against ACF2
> or Top Secret. The client side (the part that runs on Linux) is
> available in source code or pre-built RPM form (both Intel
> and mainframe
> Linux). The
Vince Re
Computer Associates
-Original Message-
From: James Melin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 10, 2002 1:27 PM
To: [EMAIL PROTECTED]
Subject: Re: LINUX & Security
I'd like to add a follow-on question to this
Has anyone gotten Linux to update user ID
d a follow-on question to this
Has anyone gotten Linux to update user ID's/Passwords from an NT
central domain ? Is it possible to synchronize those, or failing
that has anyone gotten Linux security to refresh from RACF or ACF2
security databases, or even authenticate logon using LDAP int
age-
From: James Melin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 10, 2002 12:27 PM
To: [EMAIL PROTECTED]
Subject: Re: LINUX & Security
I'd like to add a follow-on question to this
Has anyone gotten Linux to update user ID's/Passwords from an NT central
domain ? Is it
I'd like to add a follow-on question to this
Has anyone gotten Linux to update user ID's/Passwords from an NT central
domain ? Is it possible to synchronize those, or failing that has anyone
gotten Linux security to refresh from RACF or ACF2 security databases, or
even authenti
exact same format as the CP generated bad logon,
bad link etc.
>
>> - Does anyone have a link to more specific security / Linux
>> information ?
>
>It is done exactly like discrete Intel boxes. Your local bookstore
>should have plenty of Linux security books.
ary SVC 76 support for writing accounting records, but this
also doesn't fit the bill.
> - Does anyone have a link to more specific security / Linux
> information ?
It is done exactly like discrete Intel boxes. Your local bookstore
should have plenty of Linux security books.
Hello, we have just started to research SUSE Linux under z/VM, and I've been asked
these questions:
- Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM environment ? If
not, how is security handled ?
- Are there any types of "SMF" records cut to record access or violations to
> I have to find some answers to these questions for our security
> plan (why is that part always harder than the install). This is
> for SuSE 2.4.7 kernel.
>
>
> 1. How can I enforce a password to contain at least 1
>numeric, 1 alpha, and 1 special character?
I suspect you will need to chan
]
Sent: Thursday, May 02, 2002 4:37 PM
To: [EMAIL PROTECTED]
Subject: Linux security questions
I have to find some answers to these questions for our security
plan (why is that part always harder than the install). This is
for SuSE 2.4.7 kernel.
1. How can I enforce a password to contain at
Mary Cortes wrote:
>1. How can I enforce a password to contain at least 1
> numeric, 1 alpha, and 1 special character?
>
>2. How can I lockout a userid after 3 bad attempts at
> password
>
>3. How can I set a login to timeout if a valid userid/pwd
> is not entered within 2 minutes?
This is
I have to find some answers to these questions for our security
plan (why is that part always harder than the install). This is
for SuSE 2.4.7 kernel.
1. How can I enforce a password to contain at least 1
numeric, 1 alpha, and 1 special character?
2. How can I lockout a userid after 3 bad a
[EMAIL PROTECTED] said:
> "Last month, after a memo from Microsoft Chairman Bill Gates directing
> the software giant's programmers to make security the No. 1 priority,
> top execs said the company would spend three to four weeks training
> its developers in secure coding techniques and auditing e
A colleague forwarded this URL to me today. The article talks about DARPA
funding a project to better ensure Open Source software gets audited for
security exposures. One _hilarious_ statement though is this:
"Software security holes caused by a lack of proper review don't plague just
the open-s
See: http://linuxtoday.com/news_story.php3?ltsn=2002-01-08-004-20-SC-EL-HE
"Here are a couple of white papers recently released by the
IBM T.J. Watson Research Center in January of 2002 concerning
the state of Linux Security for Enterprise systems. In addition
to that you can take a lo
On Thu, 20 Dec 2001, Gerard Graham wrote:
> In our efforts to move Linux along we are trying to get internet access to our
> mainframe running Linux under VM. With that said I need to furnish my security
> department with documentation and articles that relate to Linux security. This
efinitive guide.
I've got 'em both, and they have come in handy over the years...
-Original Message-
From: Post, Mark K [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 10:26 AM
To: [EMAIL PROTECTED]
Subject: Re: Linux Security
Something else came to mind, and that
"
Mark Post
-Original Message-
From: Gerard Graham [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 10:00 AM
To: [EMAIL PROTECTED]
Subject: Linux Security
In our efforts to move Linux along we are trying to get internet access to our
mainframe running Linux under VM. With
nux on 390 Port <[EMAIL PROTECTED]IST.EDU>
Subject: Linux Security
12/20/01 09:59 AM
Please respond to Linux on 390 Port
In our efforts to move Linux
) - http://www.psionic.com/papers/dns/dns-linux
Linux-Privs - POSIX capabilities (security) -
http://www.uk.kernel.org/pub/linux/libs/security/linux-privs/
Linux Security "State of the Union" -
http://oss.software.ibm.com/developer/opensource/linux/whitepapers/LTC-Security-Whitepaper-external
wrote:
> In our efforts to move Linux along we are trying to get internet access to our
> mainframe running Linux under VM. With that said I need to furnish my security
> department with documentation and articles that relate to Linux security. This
> is a new world for them and the better u
In our efforts to move Linux along we are trying to get internet access to our
mainframe running Linux under VM. With that said I need to furnish my security
department with documentation and articles that relate to Linux security. This
is a new world for them and the better understanding they have