The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
The Virtualization Cookbook for SLES 10 SP2 - z/VM - IBM
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
4.8.2 Testing the changes<br />
To test your changes you must reIPL z/<strong>VM</strong> again. Be sure you are in a position to do so!<br />
Per<strong>for</strong>m the following steps:<br />
► Shutdown and reIPL your system.<br />
==> shutdown reipl iplparms cons=sysc<br />
SYSTEM SHUTDOWN STARTED<br />
► When your system comes back logon as MAINT.<br />
► Query the SRM values to see that the new STORBUF settings is in effect and the SIGNAL<br />
SHUTDOWN value is set to 300 seconds:<br />
==> q srm<br />
IABIAS : INTENSITY=90%; DURATION=2<br />
LDUBUF : Q1=<strong>10</strong>0% Q2=75% Q3=60%<br />
STORBUF: Q1=300% Q2=250% Q3=200%<br />
DSPBUF : Q1=32767 Q2=32767 Q3=32767<br />
...<br />
==> q signal shutdown<br />
System default shutdown signal timeout: 300 seconds<br />
This output shows that your changes have taken effect.<br />
4.9 Addressing z/<strong>VM</strong> security issues<br />
This section briefly discusses the following security issues.<br />
► z/<strong>VM</strong> security products<br />
► High level z/<strong>VM</strong> security<br />
► Linux user ID privilege classes<br />
► z/<strong>VM</strong> user ID and minidisk passwords<br />
<strong>VM</strong> security products<br />
You might want to use a z/<strong>VM</strong> security product such as <strong>IBM</strong> RACF or CA <strong>VM</strong>:Secure. <strong>The</strong>y<br />
allow you to address more security issues such as password aging and the auditing of users<br />
access attempts.<br />
High level z/<strong>VM</strong> security<br />
<strong>The</strong> paper z/<strong>VM</strong> Security and Integrity discusses the isolation and integrity of virtual servers<br />
under z/<strong>VM</strong>. It is on the Web at:<br />
http://www.vm.ibm.com/library/zvmsecint.pdf<br />
Linux user ID privilege classes<br />
Another security issue is the privilege class that Linux user IDs are assigned. <strong>The</strong> <strong>IBM</strong><br />
Redpaper Running Linux Guests with less than CP Class G Privilege addresses this issue. It<br />
is on the Web at:<br />
http://www.redbooks.ibm.com/redpapers/pdfs/redp3870.pdf<br />
z/<strong>VM</strong> user ID and minidisk passwords<br />
All passwords in a vanilla z/<strong>VM</strong> system are the same as the user ID. This is a large security<br />
hole. <strong>The</strong> minimum you should do is to address this issue.<br />
<strong>The</strong>re are two types of passwords in the USER DIRECT file:<br />
62 <strong>The</strong> <strong>Virtualization</strong> <strong>Cookbook</strong> <strong>for</strong> RHEL 6