[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Auditing System



> Hello all,
> 
> I am under the impression that LAuS will not be ported forward to
> newer kernels --- 2.6.10+. Is this correct?
> 
> Also, I understand that RedHat's auditing system has made it into the
> vanilla kernel. How does this affect the CC-EAL4+ certification?
> Essentially, the certification will not be valid in any extent past
> kernel 2.6.5 correct? I was hoping to acquire CC-EAL4+ equivalent
> security functions and measures within the 2.6.17 kernel. Has there
> been any precedence or discussion about this aspect of previous
> kernels from the SLES parentage moving forward to newer releases?

That's right. laus was designed and implemented for compliance with the 
requirements of the Controlled Access Protection Profile. Red Hat did the 
same for the audit subsystem that was merged upstream, but unfortunately, 
it wsn't fit for CAPP compliance. Later, late last year and early this 
year, improvements have been made to be CAPP compliant by taking elements 
from laus and merging them with the upstream implementation. This was 
signal enough for us to abandon laus for SLES10 (this happened during and 
after 10.0) in favour of what is present in the upstream kernel.

SLES10, though, is missing some small features that will make it CAPP 
compliant. It is planned to integrate them into the code base over the 
next few months.

> 
> Thanks.
> Thomas

Thanks,
Roman.
-- 
 -                                                                      -
| Roman Drahtmüller   <draht@xxxxxxxxxx> // "You don't need eyes to see, |
  Security Architect    Phone:          //             you need vision!"
| Novell - SUSE Linux   +49-911-740530 //           Maxi Jazz, Faithless |
 -                                                                      -
-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here