Re: [suse-security] Auditing System

From: Roman Drahtmueller (drahtnovell.com)
Date: Mon Jul 31 2006 - 10:43:02 CDT


> Hello all,
>
> I am under the impression that LAuS will not be ported forward to
> newer kernels --- 2.6.10+. Is this correct?
>
> Also, I understand that RedHat's auditing system has made it into the
> vanilla kernel. How does this affect the CC-EAL4+ certification?
> Essentially, the certification will not be valid in any extent past
> kernel 2.6.5 correct? I was hoping to acquire CC-EAL4+ equivalent
> security functions and measures within the 2.6.17 kernel. Has there
> been any precedence or discussion about this aspect of previous
> kernels from the SLES parentage moving forward to newer releases?

That's right. laus was designed and implemented for compliance with the
requirements of the Controlled Access Protection Profile. Red Hat did the
same for the audit subsystem that was merged upstream, but unfortunately,
it wasn't fit for CAPP compliance. Later, late last year and early this
year, improvements have been made to be CAPP compliant by taking elements
from laus and merging them with the upstream implementation. This was
signal enough for us to abandon laus for SLES10 (this happened during and
after 10.0) in favour of what is present in the upstream kernel.

SLES10, though, is missing some small features that will make it CAPP
compliant. It is planned to integrate them into the code base over the
next few months.

>
> Thanks.
> Thomas

Thanks,
Roman.
--
 - -
| Roman Drahtmüller <drahtnovell.com> // "You don't need eyes to see, |
  Security Architect Phone: // you need vision!"
| Novell - SUSE Linux +49-911-740530 // Maxi Jazz, Faithless |
 - -
