New IBM Linux security publication: Pervasive Encryption for Data Volumes

Pervasive Encryption for Data Volumes It's a good time to pervasively encrypt with Linux! A new Linux publication from IBM describes an infrastructure for protected volume encryption, which provides end-to-end protection for data at rest for Linux on IBM Z and LinuxONE. Read it here: IBM Kn

Re: LINUX & Security

On Tue, 17 Dec 2002, Matt Zimmerman wrote: > On Tue, Dec 17, 2002 at 04:08:26PM +0100, Susanne Oberhauser wrote: > > > Nevertheless would you agree with me that for systmes claiming to run on > > *Linux*, relying on the existence of a user 'root' should be ok? This > > would allow portable softwa

Re: LINUX & Security

On Tue, Dec 17, 2002 at 04:08:26PM +0100, Susanne Oberhauser wrote: > Nevertheless would you agree with me that for systmes claiming to run on > *Linux*, relying on the existence of a user 'root' should be ok? This > would allow portable software to have just *one* platform specific backend > for

Re: LINUX & Security

On Tue, 2002-12-17 at 15:08, Susanne Oberhauser wrote: > Nevertheless would you agree with me that for systmes claiming to run > on *Linux*, relying on the existence of a user 'root' should be ok? > This would allow portable software to have just *one* platform > specific backend for *all* flavors

Re: LINUX & Security

Matt Zimmerman <[EMAIL PROTECTED]> writes: > On Mon, Dec 16, 2002 at 05:08:54PM +0100, Susanne Oberhauser wrote: > > > Sergey Korzhevsky <[EMAIL PROTECTED]> writes: > > > > > Could you explain me, please, what is the reason to remove 'root' > > > name from a system? > > > > there is none --- to th

Re: LINUX & Security

On Mon, 16 Dec 2002, Sergey Korzhevsky wrote: > It is all right, but when i asked this question, i mean for security. Does > it improve security? Not nearly as much as having a decent password. -- Cheers John. Join the "Linux Support by Small Businesses" list at http://mail.computerdatasafe

Re: LINUX & Security

On Mon, Dec 16, 2002 at 05:08:54PM +0100, Susanne Oberhauser wrote: > Sergey Korzhevsky <[EMAIL PROTECTED]> writes: > > > Could you explain me, please, what is the reason to remove 'root' > > name from a system? > > there is none --- to the contrary doing so is Evil (tm) for LSB > compliant distri

Re: LINUX & Security

Sergey Korzhevsky <[EMAIL PROTECTED]> writes: > Hi > > Could you explain me, please, what is the reason to remove 'root' > name from a system? there is none --- to the contrary doing so is Evil (tm) for LSB compliant distributions. >From http://www.linuxbase.org/spec/gLSB/gLSB/usernames.html:

Re: LINUX & Security

] cc: Subject: Re: LINUX & Security On Mon, 2002-12-16 at 14:53, Daniel Jarboe wrote: > So what about names like like /etc, /mnt, /var, /bin, /proc, which > probably don't translate well either. And commands (ls, mv, cp), and > file names (/etc/shadow, /et

Re: LINUX & Security

On Mon, 2002-12-16 at 14:53, Daniel Jarboe wrote: > So what about names like like /etc, /mnt, /var, /bin, /proc, which > probably don't translate well either. And commands (ls, mv, cp), and > file names (/etc/shadow, /etc/fstab). Where does one draw the line? Wherever you like. Note that for fil

Re: LINUX & Security

Alan Cox wrote: > On Mon, 2002-12-16 at 11:04, Sergey Korzhevsky wrote: > > Could you explain me, please, what is the reason to remove > > 'root' name from a system? > > In many languages the letter sequence "root" is meaningless, > or even not > in their default characters. > So what about names

Re: LINUX & Security

On Mon, 2002-12-16 at 11:04, Sergey Korzhevsky wrote: > Hi > > Could you explain me, please, what is the reason to remove 'root' name > from a system? In many languages the letter sequence "root" is meaningless, or even not in their default characters.

Re: LINUX & Security

Hi Could you explain me, please, what is the reason to remove 'root' name from a system? Local user can read /etc/passwd and find out who is really root, so it is not save us. For remote logins we can disable root. Is this not enough? Thank you. WBR, Sergey

Re: LINUX & Security

On Thu, 12 Dec 2002, Matt Zimmerman wrote: > On Thu, Dec 12, 2002 at 04:53:54PM -0500, Matt Zimmerman wrote: > > > Bug > > Bug #172831, that is. Thanks Matt. One of the things I like about Debian is the ability to report bugs bu email. I've not yet tried reporting a bug offline, but I have hope

Re: LINUX & Security

James Melin <[EMAIL PROTECTED]To: [EMAIL PROTECTED] epin.mn.us> cc: Sent by: Linux on Subject: Re: [LINUX-390] LINUX & Security

Re: LINUX & Security

On Thu, Dec 12, 2002 at 04:53:54PM -0500, Matt Zimmerman wrote: > Bug Bug #172831, that is. -- - mdz

Re: LINUX & Security

On Fri, Dec 13, 2002 at 05:25:52AM +0800, John Summerfield wrote: > On Thu, 12 Dec 2002, Matt Zimmerman wrote: > > Please report a bug against that package, or tell me where you saw this and > > I will report the bug. > > The script is su-to-root, the package menu. Bug > I'd certainly not bet th

Re: LINUX & Security

On Thu, 12 Dec 2002, Matt Zimmerman wrote: > On Thu, Dec 12, 2002 at 10:18:07AM +0800, John Summerfield wrote: > > > However, don't suppose that not having a root account called root is > > something you would want to do. > > It would earn you dirty looks from wizened UNIX folk, but should be > su

Re: LINUX & Security

On Thu, Dec 12, 2002 at 10:18:07AM +0800, John Summerfield wrote: > However, don't suppose that not having a root account called root is > something you would want to do. It would earn you dirty looks from wizened UNIX folk, but should be supported. > Just a couple of hours ago I was looking at

Re: LINUX & Security

On Thu, 2002-12-12 at 02:18, John Summerfield wrote: > However, don't suppose that not having a root account called root is something > you would want to do. > > Just a couple of hours ago I was looking at a Debian script that asumes "id -u > -n" returns root for UID=0. I've run RH boxes without "

Re: LINUX & Security

On Wed, 11 Dec 2002 23:42, you wrote: > On Wed, 2002-12-11 at 13:02, Carlos Ordonez wrote: > > Vince, I guess my question is, if I have 50 linux images running under VM > > and each of them have a root user, can I have a different password for > > each of them? Carlos :-) > > You don't have to call

Re: LINUX & Security

daemons patched up to the minute. M Katz RAE Internet -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED]]On Behalf Of Jere Julian Sent: Wednesday, December 11, 2002 11:24 AM To: [EMAIL PROTECTED] Subject: Re: LINUX & Security While there are exceptions to every rule i

Re: LINUX & Security

While there are exceptions to every rule it is VERY BAD form to use the root account for much of anything! Its just too dangerous. The current best practice is to disable logins as root. First root should never login over a network and probably should be locked completely. what one should do in

Re: LINUX & Security

At 23:20 10-12-02, Re, Vincent wrote: >If you're asking whether you can have multiple user IDs with UID=0, then >the answer is yes. We tried this because I thought it would be nice to automatically logon the account 'Operator' on the console and let it have uid=0, but be able to separate from 'r

Re: LINUX & Security

On Wed, 2002-12-11 at 13:02, Carlos Ordonez wrote: > Vince, I guess my question is, if I have 50 linux images running under VM > and each of them have a root user, can I have a different password for each > of them? Carlos :-) You don't have to call your uid 0 root either btw. Unix cares about uid

Re: LINUX & Security

Does it work with Top Secret on z/OS 1.4 ? -Original Message- From: Re, Vincent [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 3:32 PM To: [EMAIL PROTECTED] Subject:Re: LINUX & Security The short answer is that yes, we're committed to including P

Re: LINUX & Security

On Wed, 11 Dec 2002, Ihno Krumreich wrote: > > I hope my understanding of the terms is right.. > For me accouting is to find out WHO has used a resource how much (to write bills). > systat does not provide this information. systat just tells you > how much a resource has been used at a given time.

Re: LINUX & Security

| | From: | |

Re: LINUX & Security

> if I have 50 linux images running under VM and > each of them have a root user, can I have a different > password for each of them? There are lots of options here, depending on exactly what you're trying to achieve. Personally (as one who hates to remember different passwords), I would rather

Re: LINUX & Security

On Wed, Dec 11, 2002 at 08:02:49AM -0500, Carlos Ordonez wrote: > Vince, I guess my question is, if I have 50 linux images running under VM > and each of them have a root user, can I have a different password for each > of them? Carlos :-) > Every image is a complete linux system independend of ot

Re: LINUX & Security

On Tue, 10 Dec 2002 15:06:39 -0500 David Boyes said: >> If you are an ACF2 (or CA-Top Secret) customer, then we have an >> open-source PAM plug-in that lets you authenticate directly >> against ACF2 >> or Top Secret. The client side (the part that runs on Linux) is >> available in source code or pr

Re: LINUX & Security

| |cc: | | From: | | Sub

Re: LINUX & Security

Thanks to everyone !! Joe >>> [EMAIL PROTECTED] 12/10/02 06:11PM >>> On Wednesday 11 December 2002 04:42 am, you wrote: > Hello, we have just started to research SUSE Linux under z/VM, and I've > been asked these questions: > > - Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM

Re: LINUX & Security

On Wednesday 11 December 2002 04:42 am, you wrote: > Hello, we have just started to research SUSE Linux under z/VM, and I've > been asked these questions: > > - Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM > environment ? If not, how is security handled ? > > - Are there any

Re: LINUX & Security

On Wed, Dec 11, 2002 at 05:33:02AM +0800, John Summerfield wrote: > On Tue, 10 Dec 2002, A. Harry Williams wrote: > > > >> - Are there any types of "SMF" records cut to record access > > >> or violations to resources in a Linux z/VM environment ? > > I don't know of a way to detect accesses to data

Re: LINUX & Security

> Vince, can you have multiple root ids and passwords? Carlos :-) If you're asking whether you can have multiple user IDs with UID=0, then the answer is yes. UID/GID, shell program and home directory all come from the PAM server (ACF2, Top Secret, etc.), and there's no reason you couldn't have mul

Re: LINUX & Security

Tuesday, December 10, 2002 11:31 AM > To: [EMAIL PROTECTED] > Subject: Re: LINUX & Security > > Although I'm not deep enough into the process to be dangerous, you > might want to look at the z/OS LDAP server. Check the Redbook > "Securing Linux for zSeries

Re: LINUX & Security

On Tue, 10 Dec 2002, A. Harry Williams wrote: > >> - Are there any types of "SMF" records cut to record access > >> or violations to resources in a Linux z/VM environment ? I don't know of a way to detect accesses to datasets a user shouldn't be accessing. An ordinary user can't read /etc/shadow,

Re: LINUX & Security

Poole > Reply To: Linux on 390 Port > Sent: Tuesday, December 10, 2002 11:31 AM > To: [EMAIL PROTECTED] > Subject: Re: LINUX & Security > > Although I'm not deep enough into the process to be dangerous, you > might want to look at the z/OS LDAP ser

Re: LINUX & Security

> Is this a proprietary solution? The client side (the PAM plug-in that runs on Linux) is open-source. In the example we talked about below, the *server* - which is an integrated feature of our ACF2 (or our other security products) - is proprietary, but there's no reason that IBM (or anyone else)

Re: LINUX & Security

| | From: | | Sub

Re: LINUX & Security

our eTrust Access Control product, which runs on Windows, Linux (mainframe and Intel) and a number of UNIX platforms. Vince Re Computer Associates -Original Message- From: David Boyes [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 3:07 PM To: [EMAIL PROTECTED] Subject:

Re: LINUX & Security

olution be faster? Chuck Gowans USDA - Nat'l IT Center -Original Message- From: Re, Vincent [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 1:49 PM To: [EMAIL PROTECTED] Subject: Re: LINUX & Security If you are an ACF2 (or CA-Top Secret) customer, then we have an o

Re: LINUX & Security

| | Subject: Re: LINUX & Security | >--| If you

Re: LINUX & Security

> If you are an ACF2 (or CA-Top Secret) customer, then we have an > open-source PAM plug-in that lets you authenticate directly > against ACF2 > or Top Secret. The client side (the part that runs on Linux) is > available in source code or pre-built RPM form (both Intel > and mainframe > Linux). The

Re: LINUX & Security

Vince Re Computer Associates -Original Message- From: James Melin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 1:27 PM To: [EMAIL PROTECTED] Subject: Re: LINUX & Security I'd like to add a follow-on question to this Has anone gotten Linux to update user ID

Re: LINUX & Security

d a follow-on question to this Has anone gotten Linux to update user ID's/Passwords from an NT central domain ? Is it possible to synchronize those, or failing that has anyone gotten Linux security to refresh from RACF or ACF2 secuirity databases, or even authenticate logon using LDAP int

Re: LINUX & Security

age- From: James Melin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 12:27 PM To: [EMAIL PROTECTED] Subject: Re: LINUX & Security I'd like to add a follow-on question to this Has anone gotten Linux to update user ID's/Passwords from an NT central domain ? Is it

Re: LINUX & Security

I'd like to add a follow-on question to this Has anone gotten Linux to update user ID's/Passwords from an NT central domain ? Is it possible to synchronize those, or failing that has anyone gotten Linux security to refresh from RACF or ACF2 secuirity databases, or even authenti

Re: LINUX & Security

exact same format as the CP generated bad logon, bad link etc. > >> - Does anyone have a link to more specific security / Linux >> information ? > >It is done exactly like discrete Intel boxes. Your local bookstore >should have plenty of Linux security books.

Re: LINUX & Security

ary SVC 76 support for writing accounting records, but this also doesn't fit the bill. > - Does anyone have a link to more specific security / Linux > information ? It is done exactly like discrete Intel boxes. Your local bookstore should have plenty of Linux security books.

LINUX & Security

Hello, we have just started to research SUSE Linux under z/VM, and I've been asked these questions: - Does SUSE Linux issue any SAF (RACF) calls for security in the z/VM environment ? If not, how is security handled ? - Are there any types of "SMF" records cut to record access or violations to

Re: Linux security questions

> I have to find some answers to these questions for our security > plan (why is that part always harder than the install). This is > for SuSE 2.4.7 kernel. > > > 1. How can I enforce a password to contain at least 1 >numeric, 1 alpha, and 1 special character? I suspect you will need to chan

Re: Linux security questions

] Sent: Thursday, May 02, 2002 4:37 PM To: [EMAIL PROTECTED] Subject: Linux security questions I have to find some answers to these questions for our security plan (why is that part always harder than the install). This is for SuSE 2.4.7 kernel. 1. How can I enforce a password to contain at

Re: Linux security questions

Mary Cortes wrote: >1. How can I enforce a password to contain at least 1 > numeric, 1 alpha, and 1 special character? > >2. How can I lockout a userid after 3 bad attempts at > password > >3. How can I set a login to timeout if a valid userid/pwd > is not entered within 2 minutes? This is

Linux security questions

I have to find some answers to these questions for our security plan (why is that part always harder than the install). This is for SuSE 2.4.7 kernel. 1. How can I enforce a password to contain at least 1 numeric, 1 alpha, and 1 special character? 2. How can I lockout a userid after 3 bad a

Re: Yahoo News Article - Linux security auditing to get a boost

[EMAIL PROTECTED] said: > "Last month, after a memo from Microsoft Chairman Bill Gates directing > the software giant's programmers to make security the No. 1 priority, > top execs said the company would spend three to four weeks training > its developers in secure coding techniques and auditing e

Yahoo News Article - Linux security auditing to get a boost

A colleague forwarded this URL to me today. The article talks about DARPA funding a project to better ensure Open Source software gets audited for security exposures. One _hilarious_ statement though is this: "Software security holes caused by a lack of proper review don't plague just the open-s

IBM developerWorks: Linux Security for the Enterprise and Service Providers

See: http://linuxtoday.com/news_story.php3?ltsn=2002-01-08-004-20-SC-EL-HE "Here are a couple of white papers recently released by the IBM T.J. Watson Research Center in January of 2002 concerning the state of Linux Security for Enterprise systems. In addition to that you can take a lo

Re: Linux Security

On Thu, 20 Dec 2001, Gerard Graham wrote: > In our efforts to move Linux along we are try to get internet access to our > mainframe running Linux under VM. With that said I need to furnish my security > department with documentation and articles that releate to Linux security. This &

Re: Linux Security

efinitive guide. I've got 'em both, and they have come in handy over the years... -Original Message- From: Post, Mark K [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 10:26 AM To: [EMAIL PROTECTED] Subject: Re: Linux Security Something else came to mind, and that

Re: Linux Security

quot; Mark Post -Original Message- From: Gerard Graham [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 10:00 AM To: [EMAIL PROTECTED] Subject: Linux Security In our efforts to move Linux along we are try to get internet access to our mainframe running Linux under VM. With

Re: Linux Security

nux onSubject: Linux Security 390 Port <[EMAIL PROTECTED] IST.EDU> 12/20/01 09:59 AM Please respond to Linux on 390 Port In our efforts to move Linux

Re: Linux Security

) - http://www.psionic.com/papers/dns/dns-linux Linux-Privs - POSIX capabilities (security) - http://www.uk.kernel.org/pub/linux/libs/security/linux-privs/ Linux Security "State of the Union" - http://oss.software.ibm.com/developer/opensource/linux/whitepapers/LTC-Secur ity-Whitepaper-external

Re: Linux Security

wrote: > In our efforts to move Linux along we are try to get internet access to our > mainframe running Linux under VM. With that said I need to furnish my security > department with documentation and articles that releate to Linux security. This > is a new world for them and the better u

Linux Security

In our efforts to move Linux along we are try to get internet access to our mainframe running Linux under VM. With that said I need to furnish my security department with documentation and articles that releate to Linux security. This is a new world for them and the better understanding they have