Linux on IBM eServer zSeries and S/390: Best Security Practices

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.

Published 21 May 2004

cover image

ISBN-10: 0738497665
ISBN-13: 9780738497662
IBM Form #: SG24-7023-00
(176 pages)

More options

Rate and comment

Authors: Gregory Geiselhart, Ami Ehlenberger, Darius Fariborz, Jerry Lam, Neville Mendes, Carlos Ordonez, Luiz Carlos Santos, Karl-Erik Stenfors

Abstract

This IBM Redbooks publication discusses best security practices for running Linux as a z/VM guest on IBM eServer zSeries and S/390 machines. This publication is intended for system administrators and IT architects responsible for deploying secure Linux servers running under z/VM. We consider both z/VM and Linux security topics.

We examine the unique security and integrity features zSeries offers for consolidating a large number Linux servers under z/VM. We discuss virtual machine isolation and command privileges assigned to VM guests. Security configuration options for z/VM Version 4.4 are explained.

In this book, we also discuss Linux security topics. We examine options for hardening a Linux installation. Securing Linux network traffic using Secure Sockets Layer and Secure Shell is considered. We look at implementing a virtual private network using FreeS/WAN. Commercial firewall technology and implementation using the StoneGate firewall for zSeries is discussed. We examine using IBM Tivoli Access Manager in conjunction with an LDAP server running on z/OS to authenticate Linux users against a RACF running on z/OS.

Table of contents

Chapter 1. Introduction
Chapter 2. z/VM integrity and security
Chapter 3. Hardening a Linux installation
Chapter 4. Secure Sockets Layer and the Secure Shell
Chapter 5. Implementing virtual private networks using FreeS/WAN
Chapter 6. StoneGate firewall
Chapter 7. Using z/OS features in a Linux environment

Follow IBM Redbooks

Follow IBM Redbooks