The details of mainframe security and Linux security are described in numerous technical papers, on Web sites, and in other books. This chapter covers those security aspects of Linux on the mainframe that are likely to influence a decision to run certain types of work, or store certain types of data on the Linux system.
On any platform, total security is an unattainable ideal, but security as a goal must be continually revisited and refined. Each platform comes with a degree of built-in security, and going beyond that means cost and effort. You need to balance the risk you are prepared to take against what you are willing to spend. Thus, when planning a Linux-on-the-mainframe project, you must ask yourself if the project will have sufficient security for a reasonable cost.
New projects and workloads can benefit from tools available in the Linux-on-the-mainframe environment. If you are moving from a traditional server farm, sometimes the tools that you have been using for your current environment are also available for Linux on the mainframe. For a list of security tools, see 25.3, "Security management tools."
Security management is really about risk management. Your goal when analyzing your system security is to reduce the perceived risk. To what level you want to reduce the risk is a question of how much you can spend to get a certain return on your investment. To build a security policy that is both functional and meets operational business needs, you need to balance a combination of physical security, software security, and trust in personnel. Here, it makes sense to spend effort on the areas that will give you the most benefit.
The technology involved in a Linux-on-the-mainframe solution offers some security benefits. In this chapter, we address these questions: