Re: SFTP vulnerability

2020-04-14 Thread ITschak Mugzach 
you should look at CVE to search for SFTP vulnerabilities. SSH on Z is
openssh, so the risks are common.

ITschak

ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM comming son  *




On Tue, Apr 14, 2020 at 12:08 PM Joe Monk  wrote:

> SFTP is FTP over SSH. FTP/S is FTP over SSL.
>
> SSH can use AES256-CBC ciphers. Why do you consider it insecure?
>
> Joe
>
> On Tue, Apr 14, 2020 at 3:57 AM Peter  wrote:
>
> > Hello
> >
> > If am correct SFTP doesn't follow TLS and has it own cryptography
> > algorithm.
> >
> > Are there any known vulnerability for SFTP in redhat ? Or there any extra
> > layer of security that can hardened on sftp apart from certificate based
> > logon ?
> >
> > Peter
> >
> > --
> > For LINUX-390 subscribe / signoff / archive access instructions,
> > send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> > visit
> > http://www2.marist.edu/htbin/wlvindex?LINUX-390
> >
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www2.marist.edu/htbin/wlvindex?LINUX-390
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

Re: open suse on z?

2020-03-22 Thread ITschak Mugzach 
What i am trying to understand is does the configuration files named the
same and located at the same directory as in sles.

ITschak

בתאריך יום א׳, 22 במרץ 2020, 20:57, מאת Mark Post ‏:

> On 3/22/20 9:26 AM, ITschak Mugzach wrote:
> > Is this possible to install opensuse on z? is this the same as suse
> (except
> > the license issue)?
>
> openSUSE has a version of Tumbleweed for s390x. You can find the iso
> images at
>
> https://build.opensuse.org/package/binaries/openSUSE:Factory:zSystems/000product:openSUSE-dvd5-dvd-s390x/images
>
> For reasons I don't know (yet), the download server doesn't have the iso
> images on it. So, if you don't have an openSUSE account, you'll need to
> create one to actually download the DVD from the URL above.
>
> > I wonder if command and directory tree is the same.
>
> I don't understand what you're asking here.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www2.marist.edu/htbin/wlvindex?LINUX-390
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

open suse on z?

2020-03-22 Thread ITschak Mugzach 
Is this possible to install opensuse on z? is this the same as suse (except
the license issue)?

I wonder if command and directory tree is the same.

ITschk
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM comming son  *

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

Re: Quick question on single user mode

2020-03-12 Thread ITschak Mugzach 
Mark,

I was able not to specify password and fix my SLES issues. the disks are
mounted but the file system is organized differently. If I remember
correctly, I reach such pages because I didn't have the root password. not
sure thi is the OP issue.

ITschak
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM comming son  *




On Wed, Mar 11, 2020 at 9:31 PM Mark Post  wrote:

> On 3/11/20 9:39 AM, Will, Chris wrote:
> > Sorry about that, since our move to zCloud I do not have access to the
> 3270 console and all I received was a picture of the console messages.  I
> pulled out as much text as possible and here it is.
>
> How are you specifying the IPL command and any parameters then? I think
> we need to understand how things are supposed to work for you so that we
> can better provide assistance.
>
> If you can't get to the console of the guest, then trying to get into
> single user mode or anything like that isn't going to help at all. One
> possibility might be to try and specify "hvc_iucv=8 console=hvc0
> init=/bin/bash" on the command line, and use the terminal server tools
> from another guest to get access.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www2.marist.edu/htbin/wlvindex?LINUX-390
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

Re: Quick question on single user mode

2020-03-11 Thread ITschak Mugzach 
Cris,

I had the same issue here. As I wrote to you, if you type E on the boot
selection menu, and edit the line displayed, you get into single root user
mode without specifying a password. see, for example,
http://chriscientific.blogspot.com/2016/03/suse-sles-12-single-user-mode-w.html

ITschak
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for z/OS, x/Linux & IBM I **| z/VM comming son  *




On Wed, Mar 11, 2020 at 1:02 AM Will, Chris  wrote:

> Thanks we are having issues booting a guest and all we see are messages
> about rdsosreport.txt message.  I was hoping that single user mode would
> bypass the enter root password prompt but it does not.  Our root password
> vault product must have not synced properly since I cannot get into the
> shell to see what the issue is.  All started when expanding a SLES 12 SP4
> XFS file system that contained the /var file system.
>
> Get Outlook for iOS<https://aka.ms/o0ukef>
> 
> From: Linux on 390 Port  on behalf of Edgington,
> Jerry 
> Sent: Monday, March 9, 2020 12:38:29 PM
> To: LINUX-390@VM.MARIST.EDU 
> Subject: Re: Quick question on single user mode
>
> [External email]
>
>
> If you are running under z/VM, then you can shut down the server, mount
> the root mini-disk to another Linux server, correct the configuration issue
> and restart the server.
>
> -Original Message-
> From: Linux on 390 Port  On Behalf Of Will, Chris
> Sent: Monday, March 9, 2020 12:29 PM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Quick question on single user mode
>
> This message was sent from an external source outside of Western &
> Southern's network. Do not click links or open attachments unless you
> recognize the sender and know the contents are safe.
>
> 
>
> Have a broken sles 12 server.  I believe at one point there was an option
> on the "ipl 100" to go into single user mode.  Any help?
>
> Chris Will
> Enterprise Linux/UNIX (ELU)
> (313) 549-9729 Cell
> cw...@bcbsm.com
>
>
>
> The information contained in this communication is highly confidential and
> is intended solely for the use of the individual(s) to whom this
> communication is directed. If you are not the intended recipient, you are
> hereby notified that any viewing, copying, disclosure or distribution of
> this information is prohibited. Please notify the sender, by electronic
> mail or telephone, of any unintended receipt and delete the original
> message without making any copies.
>
>  Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are
> nonprofit corporations and independent licensees of the Blue Cross and Blue
> Shield Association.
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions, send
> email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
> http://www2.marist.edu/htbin/wlvindex?LINUX-390
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www2.marist.edu/htbin/wlvindex?LINUX-390
>
>
> The information contained in this communication is highly confidential and
> is intended solely for the use of the individual(s) to whom this
> communication is directed. If you are not the intended recipient, you are
> hereby notified that any viewing, copying, disclosure or distribution of
> this information is prohibited. Please notify the sender, by electronic
> mail or telephone, of any unintended receipt and delete the original
> message without making any copies.
>
>  Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are
> nonprofit corporations and independent licensees of the Blue Cross and Blue
> Shield Association.
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www2.marist.edu/htbin/wlvindex?LINUX-390
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

Re: Quick question on single user mode

2020-03-09 Thread ITschak Mugzach 
On image selection enter e next to the image. You will need to edit the
text (google for it) and you'll be at root only boot. You than can edit any
file needed fix.

ITschak

בתאריך יום ב׳, 9 במרץ 2020, 18:29, מאת Will, Chris ‏:

> Have a broken sles 12 server.  I believe at one point there was an option
> on the "ipl 100" to go into single user mode.  Any help?
>
> Chris Will
> Enterprise Linux/UNIX (ELU)
> (313) 549-9729 Cell
> cw...@bcbsm.com
>
>
>
> The information contained in this communication is highly confidential and
> is intended solely for the use of the individual(s) to whom this
> communication is directed. If you are not the intended recipient, you are
> hereby notified that any viewing, copying, disclosure or distribution of
> this information is prohibited. Please notify the sender, by electronic
> mail or telephone, of any unintended receipt and delete the original
> message without making any copies.
>
>  Blue Cross Blue Shield of Michigan and Blue Care Network of Michigan are
> nonprofit corporations and independent licensees of the Blue Cross and Blue
> Shield Association.
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www2.marist.edu/htbin/wlvindex?LINUX-390
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

Re: FTP client: sles 15

2020-02-24 Thread Itschak Mugzach 
Just fir the record:

The problem was indeed a registration issue. I needed to configure resolver
and run SUSEconnect. Once completed, zupper downloaded any package.

Thanks to all that helped.

ITschak


בתאריך יום ב׳, 24 בפבר׳ 2020, 15:18, מאת Frank M. Ramaekers
‏:

> No sorry, I’m Red Hat/CentOS/ClefOS based.   Not familiar with SUSE.
>
>
>
> Frank M. Ramaekers Jr.
>
> Unisys | Mainframe Systems Analyst I
>
>
>
> *From:* Itschak Mugzach [mailto:i_mugz...@securiteam.co.il]
> *Sent:* Monday, February 24, 2020 4:05 AM
> *To:* Frank M. Ramaekers 
> *Subject:* Re: FTP client: sles 15
>
>
>
>
> * External Message – Think Before You Click*
> --
>
>
>
> tried that. there is nothing like SUSEconnect on my server. Any idea how
> to register my os?
>
>
>
> ITschak
>
>
>
> On Mon, Feb 24, 2020 at 12:03 PM Itschak Mugzach <
> i_mugz...@securiteam.co.il> wrote:
>
> I think the problem is with registration. I installed Sles15.1 on a zPDT
> z/vm guest and at the time of installation there was no way to send out an
> email or access the registration site.
>
>
>
> I will try to register using SUSEconnect later today, hope this will help.
>
>
>
> ITschak
>
>
>
> On Thu, Feb 20, 2020 at 7:30 PM Frank M. Ramaekers <
> uisfrancism.ramaek...@globe.life> wrote:
>
> No lftp (client)?
>
>
>
> Frank M. Ramaekers Jr.
>
> Unisys | Mainframe Systems Analyst I
>
>
>
> *From:* The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] *On
> Behalf Of *ITschak Mugzach
> *Sent:* Thursday, February 20, 2020 11:19 AM
> *To:* ib...@listserv.uark.edu
> *Subject:* FTP client: sles 15
>
>
>
>
> * External Message – Think Before You Click*
> --
>
>
>
> I need to upload a file to SuSE 15.1. FTP is not installed and I can't
> find a client / server in the repos (installation materials). what is the
> name of the ftp? client or server, I don't care.
>
>
>
> ITschak
>
>
>
> --
>
> ITschak Mugzach
>
> *|** IronSphere Platform** |* *Information Security Contiguous Monitoring
> for Legacy **|*
>
>
> --
>
> This message contains information which is privileged and confidential and
> is solely for the use of the intended recipient. If you are not the
> intended recipient, be aware that any review, disclosure, copying,
> distribution, or use of the contents of this message is strictly
> prohibited. If you have received this in error, please destroy it
> immediately and notify us at privacy...@globe.life.
>
>
>
>
> --
>
> *| **Itschak Mugzach | Director | SecuriTeam Software | IronSphere
> Platform | Information Security Continuous Monitoring for Legacy |  *
>
> *|* *Email**: **i_mugz...@securiteam.co.il *
> *|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: 
> **www.Securiteam.co.il
> <http://www.Securiteam.co.il>*  *|*
>
>
>
>
>
>
>
>
> --
>
> *| **Itschak Mugzach | Director | SecuriTeam Software | IronSphere
> Platform | Information Security Continuous Monitoring for Legacy |  *
>
> *|* *Email**: **i_mugz...@securiteam.co.il *
> *|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: 
> **www.Securiteam.co.il
> <http://www.Securiteam.co.il>*  *|*
>
>
>
>
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

Re: FTP client: sles 15

2020-02-21 Thread ITschak Mugzach 
Tx Timothy,

I finally used scp.

ITschak

On Fri, Feb 21, 2020 at 9:31 AM Timothy Sipples  wrote:

> ITschak Mugzach wrote:
> >I need to upload a file to SuSE 15.1. FTP is not installed and I can't
> find
> >a client / server in the repos (installation materials). what is the name
> >of the ftp? client or server, I don't care.
>
> Daniel P. Martin wrote:
> >Best recommendation:  Enable 'openssh' on the server, install an SSH
> >client on the remote system, and use sftp to transfer materials. Plan to
> >adjust server-side firewall rules if the system is not already enabled
> >for SSH connections.
>
> I agree. We really ought to be consistently applying at least basic
> security practices and precautions every time, all the time. Network
> encryption is a basic security practice. So, let's not use FTP but rather
> SFTP or FTPS. Evidently SuSE 15.1 leaves FTP out of its distribution as a
> security "nudge."
>
> Here are a couple more file transfer options:
>
> * Commands such as wget and curl support HTTPS and can transfer files.
> This choice is likely the most "firewall friendly."
>
> * Network File System (NFS) with an encrypted transport such as IPSEC.
>
> - - - - - - - - - -
> Timothy Sipples
> I.T. Architect Executive
> Digital Asset & Other Industry Solutions
> IBM Z & LinuxONE
> - - - - - - - - - -
> E-Mail: sipp...@sg.ibm.com
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www2.marist.edu/htbin/wlvindex?LINUX-390
>


--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Continuous Monitoring
for Legacy **|  *

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

FTP client: sles 15

2020-02-20 Thread ITschak Mugzach 
I need to upload a file to SuSE 15.1. FTP is not installed and I can't find
a client / server in the repos (installation materials). what is the name
of the ftp? client or server, I don't care.

ITschak

--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **|  *

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

SUSE Linux failed boot from hibernate

2020-02-13 Thread ITschak Mugzach 
I moved a standalone zPDT suse linux 12.2 to run under z/vm. the opsys is
trying to resume from hibernate, but unable to load the image. i listed
/dev/disk/... and have seen everything is there. anyway, at this point i am
not able to fix the issue as no VI is available.

So I tried to IPL in standalone is discovered that even that the AWSSTART
works and licensed, I get msg "CPU ADDRESS OUT OF RANGE".

While waiting for idea, I will be trying to install SLES 15.

ITschak
--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **|  *

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

Fwd: zLinux security Assessment

2020-02-10 Thread ITschak Mugzach 
As you may know, DISA has release, long ago, a zLinux STIG. I wonder ow do
you assess these guests. You may answer privately.

Full disclosure: As may seen on my signature, we are makers of DISA STIG
ISCM (Information Security Continuous Monitoring) product for IBM legacy
system operating systems.

TX,
ITschak


--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **|  *




--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **|  *

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

zLinux security Assessment

2020-02-10 Thread ITschak Mugzach 
As you may know, DISA has release, long ago, a zLinux STIG. I wonder ow do
you assess these guests. You may answer privately.

Full disclosure: As may seen on my signature, we are makers of DISA STIG
ISCM (Information Security Continuous Monitoring) product for IBM legacy
system operating systems.

TX,
ITschak


--
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **|  *

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390

Re: Installing SLES 12 SP 2 on z/VM 6.4

2017-04-21 Thread Itschak Mugzach 
What is the driving system, the one zpdt runs under? I tried it under cantos 7 
and the problems were iptables (try iptables -F) and setenforce 0. 

ITschak

נשלח מה-iPad שלי

‫ב-21 באפר׳ 2017, בשעה 22:01, ‏‏Rogério Soares ‏ 
כתב/ה:‬

> I had this problem too, solved install using http instead ftp
> 
> Em sex, 21 de abr de 2017 15:55, Mark Post  escreveu:
> 
> On 4/21/2017 at 02:43 PM, Dave Jones  wrote:
>>> Hi, Mark.
>>> 
>>> Here's what appears to be the actual error, from y2log:
>>> 
>>> File '/repodata/repomd.xml' not found on medium
>>> 'ftp://ibmsys1@10.0.0.100/%2Fmnt'
>>> 
>>> Some more background:
>>> 
>>> Install is on a zPDT system
>>> On the FTP server the file SLE-12-SP2-Server-DVD-s390x-GM-DVD1.iso is
>>> loopback mounted on /mnt
>>> The FTP server is running on: openSUSE Leap 42.1 (x86_64)
>> 
>> And what is the home directory for the FTP server?  "/mnt"?  "/srv/ftp/"?
>> Something else?
>> 
>> What do the FTP server logs say about the retrieval attempts?
>> 
>> 
>> Mark Post
>> 
>> --
>> For LINUX-390 subscribe / signoff / archive access instructions,
>> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
>> visit
>> http://www.marist.edu/htbin/wlvindex?LINUX-390
>> --
>> For more information on Linux on System z, visit
>> http://wiki.linuxvm.org/
>> 
> 
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: Unable to get ipv4 dhcp addr (new OSA)

2017-02-27 Thread Itschak Mugzach 
Hi Mark. Tcpdump taken on the virtual machine guest. Dhcp has no evidence
in log. Firewalla aee down both sides aa well aa iptables on centoa side.

ITschak

בתאריך 27 בפבר 2017 23:14,‏ "Mark Post" <mp...@suse.com> כתב:

> >>> On 2/25/2017 at 12:24 PM, Itschak Mugzach <i_mugz...@securiteam.co.il>
> wrote:
> > OK. after trying to the original card, I still get the same proble.
> TCPDUMP
> > shows the following  msgs:
> > IP 0.0.0.0.BOOTPC > 255.255.255.255.bootps : BOOTP/DHCP request from
> 
> > (oui unknown) , length 300.
> >
> > it look like the response from the dhcp server is not arriving the linux
> > image. I tried to open the relevant udp ports on the driving system
> (centos
> > 7) with no help.
>
> Was tcpdump running on the Centos system, or the guest?  You really need
> to have it running on both ends of the connection.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: Unable to get ipv4 dhcp addr (new OSA)

2017-02-22 Thread Itschak Mugzach 
These are emulated OSA devices. the hardware is a zPDT.

ITschak

On Wed, Feb 22, 2017 at 4:52 PM, Oscar R Quesada <oques...@csc.com> wrote:

> What model of OSA do you have ? and did you get a manual with it ?
>
> Oscar R Quesada
> Senior Professional System Administrator – iDO NA POD1 – iEnhance1 Team
> Member
> CSC
>
> GIS Cell: +1-818-370-2579
> oques...@csc.com  www.csc.com
>   Texas USA
>
>
> This is a PRIVATE message. If you are not the intended recipient, please
> delete without copying and kindly advise us by e-mail of the mistake in
> delivery. NOTE: Regardless of content, this e-mail shall not operate to
> bind CSC to any order or other contract unless pursuant to explicit
> written agreement or government initiative expressly permitting the use of
> e-mail for such purpose.
>
>
>
> From:   Itschak Mugzach <imugz...@gmail.com>
> To: LINUX-390@VM.MARIST.EDU
> Date:   02/22/2017 06:08 AM
> Subject:Unable to get ipv4 dhcp addr (new OSA)
> Sent by:Linux on 390 Port <LINUX-390@VM.MARIST.EDU>
>
>
>
> Hi
>
> We replaced the Network adapters on our zPDT server and lost DHCP address
> of IPv4. Configuration:
>
>- The OSA cards now shown as OSD_1000.
>- Addresses are 0400..0402 and 0404..0406
>- Layer 2 is enabled on both.
>- Wicked is up.
>- State is UP (LAN ONLINE).
>- I tried to shut down network and run qeth_configure with no help.
>
> can one explain how to configure the OSA cards so they will obtain IPV4
> addresses?
>
>
> Tx.
> ITschak
>
>
> --
> ITschak Mugzach
> *|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
> Security Readiness Reviews (SRR) **|*
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>
>
>


-- 
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Unable to get ipv4 dhcp addr (new OSA)

2017-02-22 Thread Itschak Mugzach 
Hi

We replaced the Network adapters on our zPDT server and lost DHCP address
of IPv4. Configuration:

   - The OSA cards now shown as OSD_1000.
   - Addresses are 0400..0402 and 0404..0406
   - Layer 2 is enabled on both.
   - Wicked is up.
   - State is UP (LAN ONLINE).
   - I tried to shut down network and run qeth_configure with no help.

can one explain how to configure the OSA cards so they will obtain IPV4
addresses?


Tx.
ITschak


--
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SHC bash script compiler for Linux on z

2017-02-08 Thread Itschak Mugzach 
The reason I choose bash was that you nothing to install, so it will run on any 
standard Linux. Not sure about the assemblers and I was a bit joking. C looks 
an equal solution.

ITschak

נשלח מה-iPad שלי

‫ב-8 בפבר׳ 2017, בשעה 23:54, ‏‏Mark Post ‏<mp...@suse.com> כתב/ה:‬

>>>> On 2/8/2017 at 04:21 PM, Itschak Mugzach <imugz...@gmail.com> wrote: 
>> I accept that. does SLES supports Assembler 390 ;-) If it should be C, C it
>> will be.
> 
> Not really, since there isn't an open source package to do that.  The GNU 
> Compiler Colllection (gcc) does contain an assembler, as.  The syntax is not 
> the same as what you're used to, so it doesn't really count.
> 
> Dave Rivers has already posted about his company's supported product.  There 
> is also a no-cost assembler from Tachyon Software, 
> http://www.tachyonsoft.com/legacy.html  I don't know how that compares to 
> Dignus' product, but the price is certainly attractive.  Tachyon also offers 
> a for-fee product at http://www.tachyonsoft.com/txaover.html 
> 
> I have no experience with any of these products, so I can't offer any advice 
> on them.
> 
> 
> Mark Post
> 
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SHC bash script compiler for Linux on z

2017-02-08 Thread Itschak Mugzach 
I accept that. does SLES supports Assembler 390 ;-) If it should be C, C it
will be.

Thanks.
ITschak

On Wed, Feb 8, 2017 at 11:15 PM, Mark Post <mp...@suse.com> wrote:

> >>> On 2/8/2017 at 03:42 PM, Itschak Mugzach <imugz...@gmail.com> wrote:
> > Hi Mark.
> >
> > my intent is to hide the code. I believe that most people wont invest
> time
>
> Perhaps not, but if you believe it to be worth protecting, do it right.
>
> > in trying to investigate it, but who knows. Any other laternative to
> > protect bash code, or should I look into a different language?
>
> If you don't want people to examine your code, then you really need to use
> a compiled language, such as C, COBOL, C++, FORTRAN, whatever.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



--
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SHC bash script compiler for Linux on z

2017-02-08 Thread Itschak Mugzach 
Well, there are many reasons why to hide the code from others. my reason is
that the code will run on other people's servers and I don't want them to
look into. it include how I do what I do, certificates, etc. file system
protection is not sufficient if I can't control it.

ITschak

On Wed, Feb 8, 2017 at 11:07 PM, John McKown <john.archie.mck...@gmail.com>
wrote:

> On Wed, Feb 8, 2017 at 3:00 PM, Paul Flint <fl...@flint.com> wrote:
>
> > Greetings Itschak,
> >
> > You could protect your bash source by the Unix permissions...
> >
> > I know it sound niaf, in this day and age with everyone havin root, but
> > thought it worth mentioning.
> >
>
> ​Can you run a BASH script which you cannot also read? I was under the
> impression that was the desire. To "protect" the script from being
> inspected. I don't really know why, perhaps an embedded password?​
>
>
>
> >
> > Regards,
> >
> > Paul
> >
> > On Wed, 8 Feb 2017, Itschak naive wrote:
> >
> >
> >>
>
> --
> Our calculus classes are an integral part of your education.
>
> Maranatha! <><
> John McKown
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



-- 
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SHC bash script compiler for Linux on z

2017-02-08 Thread Itschak Mugzach 
Paul, the script may run on other people's server which I do not have
control over.

ITschak

On Wed, Feb 8, 2017 at 11:00 PM, Paul Flint <fl...@flint.com> wrote:

> Greetings Itschak,
>
> You could protect your bash source by the Unix permissions...
>
> I know it sound niaf, in this day and age with everyone havin root, but
> thought it worth mentioning.
>
> Regards,
>
> Paul
>
> On Wed, 8 Feb 2017, Itschak naive wrote:
>
> Date: Wed, 8 Feb 2017 22:42:37 +0200
>> From: Itschak Mugzach <imugz...@gmail.com>
>> Reply-To: i_mugz...@securiteam.co.il
>> To: LINUX-390@VM.MARIST.EDU
>> Subject: Re: SHC bash script compiler for Linux on z
>>
>>
>> Hi Mark.
>>
>> my intent is to hide the code. I believe that most people wont invest time
>> in trying to investigate it, but who knows. Any other laternative to
>> protect bash code, or should I look into a different language?
>>
>> ITschak
>>
>> On Wed, Feb 8, 2017 at 10:27 PM, Mark Post <mp...@suse.com> wrote:
>>
>> On 2/8/2017 at 02:43 PM, Itschak Mugzach <imugz...@gmail.com> wrote:
>>>>>>
>>>>> I wonder if any of you tried this freeware.
>>>>
>>>
>>> It's not freeware.  It's licensed under the GNU GPL 3.  Two extremely
>>> different things.
>>>
>>> I was able to install it on
>>>> Centos 7, but it seems that the makefile is not sutable for SUSE or SUSE
>>>> for z.. Below is the make file. I replaced the CC with gcc but am not
>>>> familier with the parms requires.
>>>>
>>>
>>> I see various flavors of it in the openSUSE Build Service.  Several of
>>> them build packages for both openSUSE and SLES.
>>> https://build.opensuse.org/search
>>>
>>> Looking at the description, I don't think it's going to do what you want.
>>> It's not really a compiler, so there will be no performance boost from
>>> using it.  Since it encrypts and decrypts the original script and then
>>> invokes it with the running system's version of the shell, it won't
>>> provide
>>> any real protection from people being able to look at and copy the
>>> script.
>>> (I would imagine anyone even remotely familiar with gdb would be able to
>>> extract that with no problem.)
>>>
>>> What you want may be something entirely different, however, so it's up to
>>> you.
>>>
>>>
>>> Mark Post
>>>
>>> --
>>> For LINUX-390 subscribe / signoff / archive access instructions,
>>> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
>>> visit
>>> http://www.marist.edu/htbin/wlvindex?LINUX-390
>>> --
>>> For more information on Linux on System z, visit
>>> http://wiki.linuxvm.org/
>>>
>>>
>>
>>
>> --
>> ITschak Mugzach
>> *|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
>> Security Readiness Reviews (SRR) **|*
>>
>> --
>> For LINUX-390 subscribe / signoff / archive access instructions,
>> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
>> visit
>> http://www.marist.edu/htbin/wlvindex?LINUX-390
>> --
>> For more information on Linux on System z, visit
>> http://wiki.linuxvm.org/
>>
>>
> Kindest Regards,
>
>
>
> ☮ Paul Flint
> (802) 479-2360 Home
> (802) 595-9365 Cell
>
> /
> Based upon email reliability concerns,
> please send an acknowledgement in response to this note.
>
> Paul Flint
> 17 Averill Street
> Barre, VT
> 05641
>
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



-- 
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SHC bash script compiler for Linux on z

2017-02-08 Thread Itschak Mugzach 
Hi Mark.

my intent is to hide the code. I believe that most people wont invest time
in trying to investigate it, but who knows. Any other laternative to
protect bash code, or should I look into a different language?

ITschak

On Wed, Feb 8, 2017 at 10:27 PM, Mark Post <mp...@suse.com> wrote:

> >>> On 2/8/2017 at 02:43 PM, Itschak Mugzach <imugz...@gmail.com> wrote:
> > I wonder if any of you tried this freeware.
>
> It's not freeware.  It's licensed under the GNU GPL 3.  Two extremely
> different things.
>
> > I was able to install it on
> > Centos 7, but it seems that the makefile is not sutable for SUSE or SUSE
> > for z.. Below is the make file. I replaced the CC with gcc but am not
> > familier with the parms requires.
>
> I see various flavors of it in the openSUSE Build Service.  Several of
> them build packages for both openSUSE and SLES.
> https://build.opensuse.org/search
>
> Looking at the description, I don't think it's going to do what you want.
> It's not really a compiler, so there will be no performance boost from
> using it.  Since it encrypts and decrypts the original script and then
> invokes it with the running system's version of the shell, it won't provide
> any real protection from people being able to look at and copy the script.
> (I would imagine anyone even remotely familiar with gdb would be able to
> extract that with no problem.)
>
> What you want may be something entirely different, however, so it's up to
> you.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



--
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

SHC bash script compiler for Linux on z

2017-02-08 Thread Itschak Mugzach 
I wonder if any of you tried this freeware. I was able to install it on
Centos 7, but it seems that the makefile is not sutable for SUSE or SUSE
for z.. Below is the make file. I replaced the CC with gcc but am not
familier with the parms requires.

# Makefile
#

INSTALL_PATH = /usr/local

# For SCO
CFLAGS = -b elf -O -D_SVID

# For IRIX
CFLAGS = -xansi -fullwarn -O3 -g0

# For Solaris
CFLAGS = -fast -xO4 -s -v -Xa

# For HPUX
CFLAGS = -Wall -O -Ae

# For OSF1
CFLAGS = -w -verbose -fast -std1 -g0

# For GNU C compiler
CFLAGS = -Wall -O6 # -pedantic

SHELL = /bin/sh

all: shc ask_for_test

shc: shc.c
$(cc) $(CFLAGS) $@.c -o $@

ask_for_test:
@echo '***  ¿Do you want to probe shc with a test script?'
@echo '***  Please try...   make test'

test: make_the_test ask_for_strings

make_the_test: match.x
@echo '***  Running a compiled test script!'
@echo '***  It must show files with substring "sh" in your
PATH...'
./match.x sh

match.x: shc match
@echo '***  Compiling script "match"'
CFLAGS="$(CFLAGS)" ./shc -v -f match

ask_for_strings:
@echo '***  ¿Do you want to see strings in the generated
binary?'
@echo '***  Please try...   make strings'

strings: make_the_strings ask_for_expiration

make_the_strings: match.x
@echo '***  Running: "strings -n 5 'match.x'"'
@echo '***  It must show no sensible information...'
strings -n 5 match.x

ask_for_expiration:
@echo '***  ¿Do you want to probe expiration date?'
@echo '***  Please try...   make expiration'

expiration: til_yesterday ask_for_install

til_yesterday: shc match
@echo '***  Compiling "match" to expired date'
CFLAGS="$(CFLAGS)" ./shc -vvv -e `date "+%d/%m/%Y"` -f match
@echo '***  Running a compiled test script!'
@echo '***  It must fail showing "./match.x: has expired!"'
./match.x

ask_for_install:
@echo '***  ¿Do you want to install shc?'
@echo '***  Please try...   make install'

install: shc
@echo '***  Installing shc and shc.1 on '$(INSTALL_PATH)
@echo -n '***   ¿Do you want to continue? '; read ANS; case "$$ANS"
in y|Y|yes|Yes|YES) ;; *) exit 1;; esac;
install -c -s shc $(INSTALL_PATH)/bin/
install -c -m 644 shc.1 $(INSTALL_PATH)/man/man1/

clean:
rm -f *.o *~ *.x.c

cleanall: clean
rm -f shc *.x




-- 
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SUSE under ZVM networking issues

2017-02-07 Thread Itschak Mugzach 
And ... Thanks to all that helped me understand the problem and led me the
way.

ITschak

On Tue, Feb 7, 2017 at 10:21 PM, Mark Post <mp...@suse.com> wrote:

> >>> On 2/7/2017 at 03:02 PM, Itschak Mugzach <imugz...@gmail.com> wrote:
> > Mark,
> >
> > I looked into the cookbook (Installing Linux for z Systems on zPDT: A
> Short
> > Cookbook) and it instruct not to install layer 2 support...
>
> Do they say _why_?  Some people seem to avoid Layer 2 for some reason.
> Usually not a good, thought-out reason.
>
> -snip-
>
> > will it be easier to re-install the image?
>
> I would say "no, it's not easier."  But, what you do depends on what _you_
> want.  If you want DHCP to manage your IP addresses, then use it.  If not,
> then you'll need to assign static IP addresses outside of the range of what
> the DHCP server is managing, but still in the same subnet as your default
> gateway.
>
> > what about the second card?
> > should I configure it later after connecting to the guest?
>
> If you really think you need it, then you should be able to do that
> afterward, using YaST.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



--
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SUSE under ZVM networking issues

2017-02-07 Thread Itschak Mugzach 
Mark,

I looked into the cookbook (Installing Linux for z Systems on zPDT: A Short
Cookbook) and it instruct not to install layer 2 support...

OPRMSG: Device address for data channel. (Enter '+++' to abort).
OPRMSG: 0.0.0402!>
+
(enter a null line)
OPRMSG: Portname to use. (Enter '+++' to abort).
+
(enter a null line)
OPRMSG: Enable OSI Layer 2 support?
OPRMSG: 0) <-- Back <--
OPRMSG: 1) Yes
OPRMSG: 2) No
+
2
(select option 2)
OPRMSG: Examples: 192.168.5.77/24 2001:db8:75:fff::3/64.
+ 10.1.1.2/24

(IP for target system

will it be easier to re-install the image? what about the second card?
should I configure it later after connecting to the guest?

Best,
ITschak

On Tue, Feb 7, 2017 at 9:43 PM, Itschak Mugzach <imugz...@gmail.com> wrote:

> lsqeth returns zero for layer2 on both NICs. using root to  echo 1 >
> /sys/devices/qeth/0.0.0.0400/layer2 returns write  error operation not
> permited... any alternative to this?
>
> ITschak
>
> On Tue, Feb 7, 2017 at 8:20 PM, Mark Post <mp...@suse.com> wrote:
>
>> >>> On 2/7/2017 at 08:30 AM, Itschak Mugzach <imugz...@gmail.com> wrote:
>> > I was able to change the network interfaces to dhcp using yast lan edit
>> > id=x bootproto=dhcp, and wicked ifup . Now eth0 and eth1 are stalled
>> (?) at
>> > setup in progress  and both lease of ipv4 and ipv6 are ipvx dhcp
>> requesting
>> > status...
>>
>> Are these NICs in Layer 2 mode?  They have to be, for dhcp to work.  The
>> lsqeth command will show that information.
>>
>>
>> Mark Post
>>
>> --
>> For LINUX-390 subscribe / signoff / archive access instructions,
>> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
>> visit
>> http://www.marist.edu/htbin/wlvindex?LINUX-390
>> --
>> For more information on Linux on System z, visit
>> http://wiki.linuxvm.org/
>>
>
>
>
> --
> ITschak Mugzach
> *|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
> Security Readiness Reviews (SRR) **|*
>
>
>


--
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SUSE under ZVM networking issues

2017-02-07 Thread Itschak Mugzach 
lsqeth returns zero for layer2 on both NICs. using root to  echo 1 >
/sys/devices/qeth/0.0.0.0400/layer2 returns write  error operation not
permited... any alternative to this?

ITschak

On Tue, Feb 7, 2017 at 8:20 PM, Mark Post <mp...@suse.com> wrote:

> >>> On 2/7/2017 at 08:30 AM, Itschak Mugzach <imugz...@gmail.com> wrote:
> > I was able to change the network interfaces to dhcp using yast lan edit
> > id=x bootproto=dhcp, and wicked ifup . Now eth0 and eth1 are stalled (?)
> at
> > setup in progress  and both lease of ipv4 and ipv6 are ipvx dhcp
> requesting
> > status...
>
> Are these NICs in Layer 2 mode?  They have to be, for dhcp to work.  The
> lsqeth command will show that information.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



--
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SUSE under ZVM networking issues

2017-02-07 Thread Itschak Mugzach 
The problem is that the devices still not getting the IPV4 addresses not
the IPV6 addresses from the dhcp... per the messages, I understand the
error, but my concern is to activate the devices, which still can't.

wicked ifstatus eth0 eth1 shows setup-in-progress and leased: lpvx dhcp
requesting. look like it is stalled.

ITschak

On Tue, Feb 7, 2017 at 4:55 PM, Berthold Gunreben <b...@suse.de> wrote:

> On Tue, 7 Feb 2017 16:19:50 +0200
> Itschak Mugzach <imugz...@gmail.com> wrote:
>
> > eth1 receives msgs "martian source..." and yes, I can see high count
> > of multicast in /proc/net/dev for this device. it look like it still
> > has iits ipv6 address.
>
> martian source means, that you get packages to that devices with
> addresses that do not match the device configuration. Probably a wrong
> netmask. If this is DHCP, the dhcp server seems to provide an incorrect
> configuration.
>
> Berthold
>
> > ITschak
> >
> > On Tue, Feb 7, 2017 at 3:36 PM, Berthold Gunreben <b...@suse.de> wrote:
> >
> > > On Tue, 7 Feb 2017 15:30:14 +0200
> > > Itschak Mugzach <imugz...@gmail.com> wrote:
> > >
> > > > Hi Berthold
> > > >
> > > > I was able to change the network interfaces to dhcp using yast lan
> > > > edit id=x bootproto=dhcp, and wicked ifup . Now eth0 and eth1 are
> > > > stalled (?) at setup in progress  and both lease of ipv4 and ipv6
> > > > are ipvx dhcp requesting status...
> > >
> > > Do you see received and transmitted packages in /proc/net/dev?
> > >
> > > cat /proc/net/dev
> > >
> > > Are the devices online according to lsqeth?
> > >
> > > Berthold
> > >
> > >
> > > --
> > > --
> > >  Berthold Gunreben   OPS Services
> > > Team http://www.suse.de/
> > > Maxfeldstr. 5 SUSE Linux GmbH, D-90409 Nuernberg, Germany, HRB
> > > 21284 (AG Nürnberg) GF: Felix Imendörffer, Jane Smithard, Graham
> > > Norton
> > >
> > > --
> > > For LINUX-390 subscribe / signoff / archive access instructions,
> > > send email to lists...@vm.marist.edu with the message: INFO
> > > LINUX-390 or visit
> > > http://www.marist.edu/htbin/wlvindex?LINUX-390
> > > --
> > > For more information on Linux on System z, visit
> > > http://wiki.linuxvm.org/
> > >
> >
> >
> >
>
>
>
> --
> --
>  Berthold Gunreben   OPS Services Team
>  http://www.suse.de/ Maxfeldstr. 5
>  SUSE Linux GmbH, D-90409 Nuernberg, Germany, HRB 21284 (AG Nürnberg)
>  GF: Felix Imendörffer, Jane Smithard, Graham Norton
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



-- 
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SUSE under ZVM networking issues

2017-02-07 Thread Itschak Mugzach 
eth1 receives msgs "martian source..." and yes, I can see high count of
multicast in /proc/net/dev for this device. it look like it still has iits
ipv6 address.

ITschak

On Tue, Feb 7, 2017 at 3:36 PM, Berthold Gunreben <b...@suse.de> wrote:

> On Tue, 7 Feb 2017 15:30:14 +0200
> Itschak Mugzach <imugz...@gmail.com> wrote:
>
> > Hi Berthold
> >
> > I was able to change the network interfaces to dhcp using yast lan
> > edit id=x bootproto=dhcp, and wicked ifup . Now eth0 and eth1 are
> > stalled (?) at setup in progress  and both lease of ipv4 and ipv6 are
> > ipvx dhcp requesting status...
>
> Do you see received and transmitted packages in /proc/net/dev?
>
> cat /proc/net/dev
>
> Are the devices online according to lsqeth?
>
> Berthold
>
>
> --
> --
>  Berthold Gunreben   OPS Services Team
>  http://www.suse.de/ Maxfeldstr. 5
>  SUSE Linux GmbH, D-90409 Nuernberg, Germany, HRB 21284 (AG Nürnberg)
>  GF: Felix Imendörffer, Jane Smithard, Graham Norton
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> ----------
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



-- 
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Re: SUSE under ZVM networking issues

2017-02-07 Thread Itschak Mugzach 
Hi Berthold

I was able to change the network interfaces to dhcp using yast lan edit
id=x bootproto=dhcp, and wicked ifup . Now eth0 and eth1 are stalled (?) at
setup in progress  and both lease of ipv4 and ipv6 are ipvx dhcp requesting
status...

ITschak

On Tue, Feb 7, 2017 at 2:04 PM, Berthold Gunreben <b...@suse.de> wrote:

> On Tue, 7 Feb 2017 10:41:11 +0200
> Itschak Mugzach <imugz...@gmail.com> wrote:
>
> > Hi Mark.
> >
> > This is SlLES 12 SP2 s390x. (from /etc/issue)
> > I working from the 3270 session I IPLed the linix from. no graphical
> > environment, not communication from outside.
> > removed the rules file and recycled suse. I found two rule files for
> > qeth for devices 400 and 404. should they be kept?
> > anyway, after recycle I had many "martian source" mesages that ifoff
> > eth0 eth1 stopped. When I try to config the nics with other
> > addresses, and ping, I get "network is unreachable" on both. I am
> > using a dhcp with mac reservation so no need static addresses. How
> > can I cause suse ask for an address from dhcp?
>
> I would proceed like this:
>
> 1. # lsqeth -> this should result in some device that is online. If this
>there is none, you can use
># qeth_configure -l 0.0.0400 0.0.0401 0.0.0402 1
># qeth_configure -l 0.0.0404 0.0.0405 0.0.0406 1
>assuming the OSA devices are located at 400 and 404
>
> 2. From lsqeth, you have a device name like eth0. Then:
># cd /etc/sysconfig/network
># echo "BOOTPROTO='dhcp'" > ifcfg-eth0
># echo "STARTMODE='auto'" >> ifcfg-eth0
>
> 3. restart the network
># rcnetwork restart
>
> 4. check if you got some ip address with
># ip a s
>check if you got a default route
># ip r s
>try to ping some machine from there. To stop the ping, you can use
>^C (two characters) in 3270.
>
> Berthold
>
> >
> > Best,
> > ITschak
> >
> > On Mon, Feb 6, 2017 at 11:23 PM, Mark Post <mp...@suse.com> wrote:
> >
> > > >>> On 2/5/2017 at 11:21 AM, Itschak Mugzach <imugz...@gmail.com>
> > > >>> wrote:
> > > > I installed SLES 12 on a zPDT server as a stand alone ("basic
> > > > mode"). I
> > > was
> > >
> > > Is this a SLES12 GA, SLES12 SP1, or SLES12 SP2 system?  Hopefully
> > > SLES12 SP2, since SLES12 GA is out of support and SLES12 SP1 will
> > > be soon.
> > > > able to connect to the image using vnc using the tap connection.
> > > > I than defined a user in VM's user direct and IPLed the image.
> > > > That works find, but now I am unable to connect to network.
> > > >
> > > > It is my understanding that there are two option: using a vswitch
> > > > or
> > > attach
> > > > the osa device to the guest. I tried the second one. However, as
> > > > I can't connect to the server I can only use cli...
> > >
> > > Neither one will make any difference to the Linux system.  Either
> > > NIC looks the same to it.
> > >
> > > > I am looking for a document that explain step by step how to
> > > > configure networking in a 4 level environment: Linux > zPDT > ZVM
> > > > > SLES guest.
> > >
> > > There isn't one, specifically, since as I said above, the Linux
> > > system doesn't care about all the higher layers.  So, when you say
> > > "cli" do you mean a z/VM console environment, or a Linux terminal
> > > environment?  If the latter, then "yast lan" will let you take care
> > > of things.
> > >
> > > If you're working from the z/VM console for the guest, then things
> > > get a bit more tedious, but still very workable.  If that is the
> > > case, let us know and we can walk you through it.  The easiest
> > > thing to try might be to simply
> > > delete /etc/udev/rules.d/70-persistent-net.rules and reboot.
> > >
> > >
> > > Mark Post
> > >
> > > --
> > > For LINUX-390 subscribe / signoff / archive access instructions,
> > > send email to lists...@vm.marist.edu with the message: INFO
> > > LINUX-390 or visit
> > > http://www.marist.edu/htbin/wlvindex?LINUX-390
> > > --
> > > For more information on Linux on System z, visit
> > > http://wiki.linuxvm.org/
> > >
> >
> >
> >

Re: SUSE under ZVM networking issues

2017-02-07 Thread Itschak Mugzach 
Hi Mark.

This is SlLES 12 SP2 s390x. (from /etc/issue)
I working from the 3270 session I IPLed the linix from. no graphical
environment, not communication from outside.
removed the rules file and recycled suse. I found two rule files for qeth
for devices 400 and 404. should they be kept?
anyway, after recycle I had many "martian source" mesages that ifoff eth0
eth1 stopped. When I try to config the nics with other addresses, and ping,
I get "network is unreachable" on both. I am using a dhcp with mac
reservation so no need static addresses. How can I cause suse ask for an
address from dhcp?

Best,
ITschak

On Mon, Feb 6, 2017 at 11:23 PM, Mark Post <mp...@suse.com> wrote:

> >>> On 2/5/2017 at 11:21 AM, Itschak Mugzach <imugz...@gmail.com> wrote:
> > I installed SLES 12 on a zPDT server as a stand alone ("basic mode"). I
> was
>
> Is this a SLES12 GA, SLES12 SP1, or SLES12 SP2 system?  Hopefully SLES12
> SP2, since SLES12 GA is out of support and SLES12 SP1 will be soon.
>
> > able to connect to the image using vnc using the tap connection. I than
> > defined a user in VM's user direct and IPLed the image. That works find,
> > but now I am unable to connect to network.
> >
> > It is my understanding that there are two option: using a vswitch or
> attach
> > the osa device to the guest. I tried the second one. However, as I can't
> > connect to the server I can only use cli...
>
> Neither one will make any difference to the Linux system.  Either NIC
> looks the same to it.
>
> > I am looking for a document that explain step by step how to configure
> > networking in a 4 level environment: Linux > zPDT > ZVM > SLES guest.
>
> There isn't one, specifically, since as I said above, the Linux system
> doesn't care about all the higher layers.  So, when you say "cli" do you
> mean a z/VM console environment, or a Linux terminal environment?  If the
> latter, then "yast lan" will let you take care of things.
>
> If you're working from the z/VM console for the guest, then things get a
> bit more tedious, but still very workable.  If that is the case, let us
> know and we can walk you through it.  The easiest thing to try might be to
> simply delete /etc/udev/rules.d/70-persistent-net.rules and reboot.
>
>
> Mark Post
>
> --
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
> --
> For more information on Linux on System z, visit
> http://wiki.linuxvm.org/
>



--
ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

SUSE under ZVM networking issues

2017-02-05 Thread Itschak Mugzach 
I installed SLES 12 on a zPDT server as a stand alone ("basic mode"). I was
able to connect to the image using vnc using the tap connection. I than
defined a user in VM's user direct and IPLed the image. That works find,
but now I am unable to connect to network.

It is my understanding that there are two option: using a vswitch or attach
the osa device to the guest. I tried the second one. However, as I can't
connect to the server I can only use cli...

I am looking for a document that explain step by step how to configure
networking in a 4 level environment: Linux > zPDT > ZVM > SLES guest.


ITschak Mugzach
*|** IronSphere Platform* *|** An IT GRC for Legacy systems* *| Automated
Security Readiness Reviews (SRR) **|*

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

3270 terminal support under Z/Linux

2003-10-19 Thread Itschak Mugzach 
Hi,

We have a websphere application running on RS/6000 that we want to port to
z/Linux. The problem is that the technology used to get connected to CICS is
thru 3270 screens (CICS maps) the are interpreted by the Java application.
Afaik there is no support in Linux to SNA. Is there any way to mimic this
process without the need to change the application?

Itschak