On Tue, 10 Dec 2002 11:52:52 -0500 David Boyes said: >> - Does SUSE Linux issue any SAF (RACF) calls for security in >> the z/VM environment ? > >No. > >> If not, how is security handled ? > >Purely internally. Treat it as a standalone Unix system, with the exact >same requirements. > >> - Are there any types of "SMF" records cut to record access >> or violations to resources in a Linux z/VM environment ? > >There are entries in /var/log, just as on a normal Unix system. Neale's >hcp command can be used to write those messages from syslog to a >VM-based service, but it is not in the standard distributions. There is >also rudimentary SVC 76 support for writing accounting records, but this >also doesn't fit the bill.
SVC 76 is LOGREC (aka EREP), and while similar in many ways to syslog, isn't going to have SMF80 records, which I believe is what you would want from MVS. The syslog is going to record that in Linux. One of the biggest differences between SMF and syslog is that SMF allows binary data. For VM, if journalling is turned on, SMF80 would be accounting records cut and collected by DISKACNT on most systems or your ESM would do it itself. Other type of SMF records would end up being Monitor records. With the DIAG driver, you could use DIAG 4C to cut VM accounting records from Linux, but you would need OPTION ACCT in the CP directory and they still wouldn't be the exact same format as the CP generated bad logon, bad link etc. > >> - Does anyone have a link to more specific security / Linux >> information ? > >It is done exactly like discrete Intel boxes. Your local bookstore >should have plenty of Linux security books.
