Linux on IBM eServer zSeries and S/390: Best Security Practices
An IBM Redbooks publication
Note: This is publication is now archived. For reference only.
This IBM Redbooks publication discusses best security practices for running Linux as a z/VM guest on IBM eServer zSeries and S/390 machines. This publication is intended for system administrators and IT architects responsible for deploying secure Linux servers running under z/VM. We consider both z/VM and Linux security topics.
We examine the unique security and integrity features zSeries offers for consolidating a large number Linux servers under z/VM. We discuss virtual machine isolation and command privileges assigned to VM guests. Security configuration options for z/VM Version 4.4 are explained.
In this book, we also discuss Linux security topics. We examine options for hardening a Linux installation. Securing Linux network traffic using Secure Sockets Layer and Secure Shell is considered. We look at implementing a virtual private network using FreeS/WAN. Commercial firewall technology and implementation using the StoneGate firewall for zSeries is discussed. We examine using IBM Tivoli Access Manager in conjunction with an LDAP server running on z/OS to authenticate Linux users against a RACF running on z/OS.
Chapter 1. Introduction
Chapter 2. z/VM integrity and security
Chapter 3. Hardening a Linux installation
Chapter 4. Secure Sockets Layer and the Secure Shell
Chapter 5. Implementing virtual private networks using FreeS/WAN
Chapter 6. StoneGate firewall
Chapter 7. Using z/OS features in a Linux environment