No doubt it started a new dance craze as well - The Security Auditor Twitch.
With AREXEC and RUNRMTCMD you could require the remote user and passphrase parameters be entered. Of course you will want to secure the commands on the host system and wrap them with your own process to ensure remote user and password are supplied.
Gary Monnier
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Matt Olson
Sent: Thursday, May 17, 2012 9:37 AM
To: Midrange Systems Technical Discussion
Subject: RE: RMTCMD's security?
Using any of these commands is a PCI security auditors worst nightmare. You might want to consider alternative options to using these commands, we had to turn them all off after a security audit.
-----Original Message-----
From: Monnier, Gary [mailto:Gary.Monnier@xxxxxxxxx]
Sent: Wednesday, May 16, 2012 3:25 PM
To: Midrange Systems Technical Discussion
Subject: RE: RMTCMD's security?
You may also want to restrict commands AREXEC and RUNRMTCMD use as well.
Gary Monnier
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of fbocch2595@xxxxxxx
Sent: Wednesday, May 16, 2012 1:22 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: RMTCMD's security?
Right, so I figured making SBMRMTCMD public *exclude should put an end to anyone using it.
-----Original Message-----
From: Monnier, Gary <Gary.Monnier@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Sent: Wed, May 16, 2012 4:19 pm
Subject: RE: RMTCMD's security?
It depends upon you have your commands secured. Would you give the person ccess to a command line? Would you want them running PWRDWNSYS, DLTF, DLTPGM, tc.?
With the way IBM has set up servers you can run SBMRMTCMD on your test box. All ou do is create the DDM file so it points to your test system then run BMRMTCMD.
Gary Monnier
-----Original Message-----
rom: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx]
n Behalf Of fbocch2595@xxxxxxx
ent: Wednesday, May 16, 2012 1:11 PM
o: midrange-l@xxxxxxxxxxxx
ubject: RMTCMD's security?
i Folks, are many of you securing these commands, SBMRMTCMD, etc. so as to hange from the default of *USE for public? Do you see a risk in your users sing RMTCMD's from a test i to a production i?
hanks, Frank
-
his is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To ost a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or hange list options,
isit:
http://lists.midrange.com/mailman/listinfo/midrange-l
r email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment o review the archives at
http://archive.midrange.com/midrange-l.
--
his is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list o post a message email: MIDRANGE-L@xxxxxxxxxxxx o subscribe, unsubscribe, or change list options,
isit:
http://lists.midrange.com/mailman/listinfo/midrange-l
r email: MIDRANGE-L-request@xxxxxxxxxxxx efore posting, please take a moment to review the archives t
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.