It is a somewhat crude method, but we used SHARE values on the directory entry
for the guests.
prod hosts would have SHARE weights in the thousands, and dev hosts would have
SHARE weights in the tens or hundreds.
Non-prod could pull hard as long as we weren't at capacity, but with any CPU
exactly what is intended.
On 10/28/2015 7:13 AM, Veencamp, Jonathon D. wrote:
> It is a somewhat crude method, but we used SHARE values on the directory
> entry for the guests.
>
> prod hosts would have SHARE weights in the thousands, and dev hosts would
> have SHARE weig
Clam is pretty much just scanning linux for Windows viruses. Which may be
worthwhile if you are hosting lots of Windows files.
http://rkhunter.sourceforge.net/ scans for actual Linux attacks.I had this
running on Z. The package hasn't been updated for about 18 months however, so
isn't
VMCP IND? (I don't have VM in front of me...)
And top does actually show %STEAL on zVM, so that’s useful too.
Jon
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Mikael
Wargh
Sent: Wednesday, September 30, 2015 3:45 AM
To:
It is still installable via SUSE repository and it does still get virus update
definitions nightly.
It's not scanning for linux viruses though, it's scanning for Windows virus's
on Linux. So most appropriate if you are running a fileshare or something. Or
have managers that need to see the
Exactly.
You all work out SLES12, and once it gets to SP1 or SP2 - then I might consider
it. :)
Jon
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Gerard
Howells
Sent: Tuesday, April 28, 2015 11:36 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re:
Hi,
Could one of the wise old wizards tell me if there is a CP command we can use
to deactivate or vary a CPU offline at the hypervisor level? Young wizards
appreciated too.
We want to change the number of CPU's and understand the correct place to do it
is in the HMC. But if we can do it
du -x | sort -n
That’s what I use to identify which subdirectory is the hog.
The information contained in this e-mail message is intended only for the
personal and confidential use of the designated recipient(s) named above. This
message may be an
In OMVS, if you want to know someone's UID, you can just do an 'id username'
The reverse lookup might be specific to the security manager, so you can't turn
the numeric into a name with that.
Jon
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of
And single user mode puts you right into root without password, because it's
assumed if you control the console, then you must be ok. (control your
consoles everyone!)
Have I got that right?
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Bruce
Mikael,
I also had to make a homemade monitor rather than spending money to get a real
product, which I would have preferred. In our experience, sar and the like
are critically missing hypervisor stats that absolutely matter. My duct tape
and bailing wire solution was to configure one of
What we do when people want to actually sign on to VNC as root, below are the
two files that need to be modified, and then xdm and xinetd restarted.
So I made a script to replace those files with root-enabled-logon, and then the
system self-schedules to turn that off at midnight (because you
Just a word of warning to everyone, that Red Hat considers their current patch
potentially incomplete. It solves the test that everyone is using to test
vulnerability, but isn't necessarily comprehensive. So there may be more than
one round of patches on this, perhaps from all vendors
Just a word of warning that Red Hat considers their current patch potentially
incomplete. It solves the test that everyone is using to test vulnerability,
but isn't necessarily comprehensive. So there may be more than one round of
patches on this, perhaps from all vendors
AIDE won't tell you who, or what exactly the change was, but you'll know a
change took place.
This is kind of basic, but do you have something like this set in sudo?
Defaults syslog=auth, mailto=nslinuxsupp...@fedins.com, mail_always
We have a remote syslog server, so every sudo'd command is
I'd recommend looking at the Linux Audit Subsystem. That is probably designed
to give you what you want. It will probably require careful thought to get it
dialed in to tell you everything you want to know, but it's pretty mainstream.
Jon
-Original Message-
From: Linux on 390 Port
Mailing loop on auto-replies.
If only this was true :) This is the only notification you will receive
while this person is away
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Gregg
Levine
Sent: Friday, March 14, 2014 10:36 AM
To:
Ted,
I can't speak to the differences between kernels, but also I am very interested
in your thread. Our SLES10 and SLES 11 experience has been that even with
VDISK as swap on a VM system that is NOT overcommitted on memory, that any
linux swapping is just kills us with the same sort of
for
swap, this would be the first complaint i've heard with the exception of
some bad configuration defaults. If you had really good performance
management tools, I'd be happy to look at the data.
On 1/15/2014 5:44 AM, Veencamp, Jonathon D. wrote:
Ted,
I can't speak to the differences between
Have you issued the top command in linux or anything else to get an idea of
what is grinding so hard?
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Victor
Echavarry Diaz
Sent: Friday, January 10, 2014 10:00 AM
To: LINUX-390@VM.MARIST.EDU
I think it's called IP aliasing or something like that. We have a single NIC
advertising a bunch of IP addresses, and have a different apache listener on
each one.
We do that via this command in a system startup script on Suse Linux.
ip address add 192.168.69.60/24 brd + dev eth0 label eth0:60
Good morning list,
Does anyone have any quick advice? We are in Minnesota and have just switched
to Daylight Savings.Someone IPL'd ZVM differently yesterday than on past
IPL's. (TOD clock question answered yes). Now we are seeing the correct time
in CMS in zVM (I think) but Linux is
on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Veencamp,
Jonathon D.
Sent: Monday, November 04, 2013 8:12 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Daylight savings time issue
Good morning list,
Does anyone have any quick advice? We are in Minnesota and have just switched
to Daylight
] On Behalf Of Pedro
Principeza
Sent: Monday, November 04, 2013 7:30 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Daylight savings time issue
What does zdump -v | grep 2013 shows ya? What's the 'timezone' RPM
version (rpm -qa | grep timezone)?
--
Pedro Principeza.
From: Veencamp, Jonathon D. jdveenc
just started standard time,
not daylight savings time..
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of
Veencamp, Jonathon D.
Sent: Monday, November 04, 2013 8:12 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Daylight savings time issue
Good morning list
standard time,
not daylight savings time..
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of
Veencamp, Jonathon D.
Sent: Monday, November 04, 2013 8:12 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Daylight savings time issue
Good morning list,
Does anyone
been addressed, but I am more curious as
to why your ZVM is still showing CDT when it also should be showing
CST.
-
Gregg C Levine gregg.drw...@gmail.com
This signature fought the Time Wars, time and again.
On Mon, Nov 4, 2013 at 8:22 AM, Veencamp, Jonathon D.
jdveenc...@fedins.com wrote:
ZVM
?
And that would mess up all the guests.
On Mon, Nov 4, 2013 at 10:40 AM, Veencamp, Jonathon D.
jdveenc...@fedins.com wrote:
We found a typo in our ZVM system config. So VM was still showing CDT
rather than CST, and evidently that affected Linux as well (even though
Linux was pulling the UTC time
On 4 Nov 2013 at 17:26, Veencamp, Jonathon D.
wrote:
We did POR. But we have a other ZVM's on the same hardware that DO
NOT have the issue (evidently because they didn't have the typo in
their system config). So the other ZVM's display the correct time in
VM and zLinux.
The correct time now
Unrelated to your issue:
We got going with Websphere 3.5! (And IBM Servlet Express before that). I also
remember having the ZOS HTTP server running at least a year before any of the
Wintel guys here had their first HTTP server running. At the time with all the
literature in the press about
You'll want to google it and get it working. It's pretty simple.
That will allow a user you specified the ability to run all commands or some
specific commands under their own ID with UID=0 (root) authority. And
everything is logged.
Look at /etc/sudoers to configure it
Then the syntax for
Not specifically. We have V7 running on Intel Linux. We tried it on zOS, then
put it on Intel Linux before we had zLinux running.
That prod linux instance is using about 1.5GB memory (not counting cache). The
CPU load is very, very light. In our shop I would consider it a Z compatible
I also would be suspicious of mini-disk overlay in ZVM. I did it myself, and
for the most part the Linux instances ran fine.
The information contained in this e-mail message is intended only for the
personal and confidential use of the designated recipient(s)
I have some development zLinux guests with 25 JVM's. Most of these aren't used
on a typical day and can idle along with a 200MB heap. But if a development
team is doing load testing, then the heap and memory footprint for a JVM can
grow to 1.5GB+. If 2-3 teams are doing testing, my Linux
if you had
that before.
Rob
On 16 August 2013 14:21, Veencamp, Jonathon D. jdveenc...@fedins.comwrote:
I have some development zLinux guests with 25 JVM's. Most of these aren't
used on a typical day and can idle along with a 200MB heap. But if a
development team is doing load testing
I appreciate the creative thought. Keeping the JVM active for INACTIVE
development servers is kinda going in the wrong direction.
What I really need is a kernel modification where I could cap the linux file
cache size. That would make Linux much more hypervisor friendly!
Jon
-Original
I'm also interested in peoples answer.
I do it off hours on our non-prod hosts to try to minimize Linux guest cache.
In our non-prod guests we run many Websphere servers with variable heap sizes.
I chose to oversize the linux guests memory by a few gig to account to allow
heap growth on
Fantastic. Thanks (again) Rob!
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Rob van
der Heij
Sent: Thursday, August 15, 2013 10:17 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: linux cache
On 15 August 2013 16:44, Dean, David (I/S)
, Jonathon D. jdveenc...@fedins.com
Fantastic. Thanks (again) Rob!
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Rob
van der Heij
Sent: Thursday, August 15, 2013 10:17 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: linux cache
On 15 August
Question: Why would SLES 11 see hipersocket retransmits and window adjustments
and not SLES 10? Is the device driver either more forgiving or efficient on
SLES 10?
I'm just curious. I may be in the same situation soon.
Regards
Jon Veencamp
Federated Insurance
-Original Message-
Have you looked at the logger command? It allows user use of the syslog service
with control over severity and facility of the messages.
Good luck!
Jon
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Bauer,
Bobby (NIH/CIT) [E]
Sent: Monday, July
Hello list,
It's been a few years since I looked at these memory management tools, and back
then there were some concerns about the production readiness of CMM or CMMA for
prod environments. It looks like CPUPLUGD can also do memory ballooning via
CMM? The problem I'm trying to solve is to
pkill slapd?
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Dean,
David (I/S)
Sent: Tuesday, June 18, 2013 8:28 AM
To: LINUX-390@VM.MARIST.EDU
Subject: stop ldap
Help, in production problem. I cannot ssh to the zlnux 11.2 server because
Well, because there are 80 ways to do everything, I can't say for sure which
method you used to turn it on. If this is SLES, I'd start with 'yast2
runlevel' and see if it was enabled to auto start there...
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On
Is there already zVM/zLinux documentation contrasting benefits/costs of
Hipersockets vs shared OSA offload? I believe OSA offload can also be an
approach that is a differentiator with Z. So might as well add that too?
Unless Hipersockets is always superior, though I'm not sure that's the
I would argue that WAS ND on zLinux is much simpler than clustering across a
bunch of x86 servers.
We've been doing Websphere ND on zLinux for 4-5 years with WAS 6.0, 6.1, 7.0,
and 8.5. The biggest advantage is scalability of each host. We run 85
Websphere instances across 5 hosts with the
of them were
reluctant to try. But we have never had anything that had errors due to it
being on zLinux. It's more a vendor comfort level thing.
Jon
-Original Message-
From: Veencamp, Jonathon D.
Sent: Monday, April 22, 2013 10:21 AM
To: LINUX-390@VM.MARIST.EDU
Subject: RE: Any real
Try the -v flag on your mount. Perhaps verbose will give a clue of why it is
hanging.
The information contained in this e-mail message is intended only for the
personal and confidential use of the designated recipient(s) named above. This
message may be an
I seem to recall another option is to use the DVD drive on your Hardware
Management Console. And with SLES at least, I also think we could use FTP as
an installation source. It might be quicker for you to get that going than to
continue to bang your head on NFS.
But it's been a few years, so
I'm curious, why do you NEED X to do maint? I do all our manual maintenance in
Yast2 via Putty. There are a few things you can't do in non-graphical (like
mark a patch taboo), but otherwise it's almost all there.
Also, You really might want to try VNC. If you don't have a vnc client, or know
Here you go:
http://www.cvedetails.com/vulnerability-list/vendor_id-471/Putty.html
-Original Message-
From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Melancon,
Ruddy
Sent: Wednesday, March 06, 2013 2:30 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Putty security
I
The putty Wikipedia page has a citation on the most recent security
vulnerability that was fixed in 0.62. Putty was caching the password in
memory, and other local processes could potentially get a password that way.
Sometimes there is security in obscurity, and sometimes it's safer to be in
This is for SLES, and is the opposite of what you want, but it shows where it
is configured (at least on SLES)
2013/1/18 Mark Pace pacemainl...@gmail.com
Is there a way to disable autocleanup of /tmp at boot? I've found
/etc/rc.d/boot.cleanup but I'm unsure of what to change to make it
Lee,
You also might want to consider rkhunter, and more importantly Tripwire(AIDE).
I would expect most Linux exploits to be buffer overflows and whatnot giving
root access, rather than file based viruses.
Regards,
Jon Veencamp
Federated Insurance
jdveenc...@fedins.com
-Original
Marcy,
Thanks for your post! I doubt I would have caught that otherwise.
We have run our Websphere servers on zLinux. We have predominantly SLES 10
(kernel 2.6.16.60), but also some lightly used SLES 11 zLinux (3.0.38-0.5).
We noticed better results with swappiness=0 than swappiness=10 on
55 matches
Mail list logo
