Red Hat® Enterprise Linux® v. 5 running on Altix® and Altix® XE servers has achieved LSPP, RBAC and CAPP at EAL4+ certification. This is the first certification for LSPP for SGI Linux-based systems.
TOE Security Features:
- Identification and Authentication: The TOE provides identification and authentication using pluggable authentication modules (PAM) based upon user passwords. The quality of the passwords used can be enforced through configuration options controlled by the TOE. Other authentication methods (e.g. Kerberos authentication, token based authentication) that are supported by the TOE as pluggable authentication modules are not part of the evaluated configuration. Functions that enforce basic password strength, limit the use of the su command and restrict root login to specific terminals are also included.
- Audit: The TOE provides the capability to audit a large number of events, including individual system calls as well as events generated by trusted processes. Audit data is collected in regular files in ASCII format. The TOE provides a program for the purpose of searching the audit records. The system administrator can define a rule base to restrict auditing to the events of interest. This includes the ability to restrict auditing to specific events, specific users, specific objects or any combination of these.
- Discretionary Access Control: Discretionary Access Control (DAC) restricts access to file system objects based on Access Control Lists (ACLs) that include the standard UNIX permissions for user, group and others. Access control mechanisms also protect IPC objects from unauthorized access. The TOE includes the ext3 file system, which supports POSIX ACLs. This allows defining access rights to files within this type of file system down to the granularity of a single user.
- Mandatory Access Control: Mandatory Access Control (MAC) restricts access to objects based on labels assigned to subjects and objects. The TOE implements the Bell-LaPadula access control ruleset, which is based on labels consisting of a hierarchical sensitivity level and a set of non-hierarchical categories. MAC is available in LSPP mode only.
- Role-based Access Control: Role-based Access Control (RBAC) restricts access to objects based on roles assigned to subjects. The TOE allows the specification of roles, the assignment of users to roles and the definition of the capability of roles. RBAC is available in LSPP mode only.
- Object Reuse: File system objects as well as memory and IPC objects will be cleared before they can be reused by a process belonging to a different user.
- Security Management: The management of the security critical parameters of the TOE is performed by administrative users. A set of commands that require root privileges is used for system management. Security parameters are stored in specific files that are protected by the access control mechanisms of the TOE against unauthorized access by users that are not administrative users.
- Secure Communication: The TOE supports the definition of trusted channels using either the SSH v2 or the SSL v3 protocol. In the case of SSH the TOE includes the SSH server and client functions. Password based authentication is supported. To use the SSL v3 protocol the TOE provides the Stunnel client and server functions. Only a restricted number of cipher suites are supported for those protocols in the evaluated configuration. They are listed in the Security Target.
- TSF Protection: While in operation, the kernel software and data are protected by the hardware memory protection mechanisms. The memory and process management components of the kernel ensure a user process cannot access kernel storage or storage belonging to other processes. Non-kernel TSF software and data are protected by DAC/MAC/RBAC and process isolation mechanisms. In the evaluated configuration, the reserved user ID root owns the directories and files that define the TSF configuration. In general, files and directories containing internal TSF data (e.g., configuration files, batch job queues) are also protected from reading by DAC/MAC/RBAC permissions. The TOE and the hardware and firmware components are required to be physically protected from unauthorized access. The system kernel mediates all access to the hardware mechanisms themselves, other than program visible CPU instruction functions.
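The DAC feature above says that POSIX ACLs on ext3 allow rights to be granted down to a single user. The following is an added example, not code from the certification or from the TOE, that models the POSIX.1e ACL check algorithm: it parses the text form `getfacl -n` prints (the sample below is constructed, with numeric ids and a file owned by uid 1000 / gid 100) and evaluates a request the way the kernel does. The point a practitioner should take from it is the role of the `mask` entry: named-user and group entries are capped by the mask, while the owner entry and the `other` entry are not, so an ACL that grants `rw-` to a named user still yields read-only access when the mask is `r--`.

```python
# Added example: POSIX.1e ACL evaluation, not code from the evaluated TOE.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

R, W, X = 4, 2, 1  # permission bits, same encoding as the octal mode


def perm_bits(s: str) -> int:
    """Convert a 'rwx'-style triple such as 'r--' into a bit mask."""
    return ((R if s[0] == "r" else 0) | (W if s[1] == "w" else 0)
            | (X if s[2] == "x" else 0))


@dataclass
class Acl:
    owner_uid: int
    owner_gid: int
    user_obj: int = 0                     # user::     (file owner, never masked)
    group_obj: int = 0                    # group::    (owning group, masked)
    other: int = 0                        # other::    (never masked)
    mask: Optional[int] = None            # mask::     (absent on minimal ACLs)
    users: Dict[int, int] = field(default_factory=dict)   # user:UID:
    groups: Dict[int, int] = field(default_factory=dict)  # group:GID:


def parse_acl(text: str, owner_uid: int, owner_gid: int) -> Acl:
    """Parse getfacl -n style output. Comment lines (# file:, # owner:) are ignored;
    the owner ids are passed explicitly so no name lookup is needed offline."""
    acl = Acl(owner_uid, owner_gid)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag, qualifier, perms = line.split(":")
        bits = perm_bits(perms)
        if tag == "user" and qualifier == "":
            acl.user_obj = bits
        elif tag == "user":
            acl.users[int(qualifier)] = bits
        elif tag == "group" and qualifier == "":
            acl.group_obj = bits
        elif tag == "group":
            acl.groups[int(qualifier)] = bits
        elif tag == "mask":
            acl.mask = bits
        elif tag == "other":
            acl.other = bits
        else:
            raise ValueError(f"unknown ACL entry: {line!r}")
    return acl


def acl_permits(acl: Acl, uid: int, gids: Set[int], requested: int) -> bool:
    """POSIX.1e access check: the first matching class decides, except that among
    group entries any one that grants the request is enough."""
    mask = 7 if acl.mask is None else acl.mask
    if uid == acl.owner_uid:
        return requested & ~acl.user_obj == 0
    if uid in acl.users:
        return requested & ~(acl.users[uid] & mask) == 0
    matched = False
    if acl.owner_gid in gids:
        matched = True
        if requested & ~(acl.group_obj & mask) == 0:
            return True
    for gid, perms in acl.groups.items():
        if gid in gids:
            matched = True
            if requested & ~(perms & mask) == 0:
                return True
    if matched:
        return False  # some group entry matched but none granted the request
    return requested & ~acl.other == 0


# Constructed sample in the format printed by `getfacl -n report.txt`.
SAMPLE_ACL_TEXT = """\
# file: report.txt
# owner: 1000
# group: 100
user::rw-
user:1001:r--
user:1002:rw-
group::r--
group:200:rwx
mask::r--
other::---
"""

SAMPLE_ACL = parse_acl(SAMPLE_ACL_TEXT, owner_uid=1000, owner_gid=100)

if __name__ == "__main__":
    for uid, gids, req, name in [(1000, {100}, W, "owner write"),
                                 (1002, {999}, W, "uid 1002 write (masked)"),
                                 (3000, {200}, X, "gid 200 exec (masked)"),
                                 (4000, {999}, R, "other read")]:
        print(f"{name}: {'allow' if acl_permits(SAMPLE_ACL, uid, gids, req) else 'deny'}")
```

Running the block prints the decisions for the constructed ACL; the mask entry is what an auditor checks first when a `getfacl` listing seems to grant more than the file actually allows.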
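The MAC feature above names the Bell-LaPadula ruleset over labels made of a hierarchical sensitivity level and non-hierarchical categories. The following added example (my illustration, not the TOE's policy or code) implements that ruleset directly: a label dominates another when its level is at least as high and its category set is a superset; a read is allowed only when the subject dominates the object (no read up), a write only when the object dominates the subject (no write down), and read-write only when the labels are equal. The level names and the `secret:crypto,nuclear` string form are assumptions made for the example.

```python
# Added example: classic Bell-LaPadula decisions, not the evaluated TOE's policy.
from dataclasses import dataclass
from typing import FrozenSet

# Assumed ordering of sensitivity levels, lowest first.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Partial order: level >= other's level and categories are a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def parse_label(text: str) -> Label:
    """Parse the assumed 'level:cat1,cat2' form; categories may be omitted."""
    level, _, cats = text.partition(":")
    if level not in LEVELS:
        raise ValueError(f"unknown level {level!r}")
    return Label(level, frozenset(c for c in cats.split(",") if c))


def mac_permits(subject: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula: simple security property for reads, *-property for writes."""
    if mode == "read":
        return subject.dominates(obj)          # no read up
    if mode == "write":
        return obj.dominates(subject)          # no write down
    if mode == "rw":
        return subject.dominates(obj) and obj.dominates(subject)  # labels equal
    raise ValueError(f"unknown mode {mode!r}")


def decide(subject: str, obj: str, mode: str) -> str:
    """Convenience wrapper over string labels; returns 'allow' or 'deny'."""
    return "allow" if mac_permits(parse_label(subject), parse_label(obj), mode) else "deny"


if __name__ == "__main__":
    # Constructed requests showing each rule in turn.
    for s, o, m in [("secret:crypto", "confidential", "read"),
                    ("confidential", "secret", "read"),
                    ("secret:crypto", "confidential", "write"),
                    ("secret:crypto", "secret:nuclear", "read"),
                    ("secret:crypto", "secret:crypto", "rw")]:
        print(f"{s:>16} {m:5} {o:<16} -> {decide(s, o, m)}")
```

The incomparable case (same level, disjoint categories) is the one worth noting: neither label dominates the other, so both read and write are refused, which is exactly the compartmentalisation that categories are meant to provide.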
For further details please visit: http://www.niap-ccevs.org/cc-scheme/st/vid10286/
A summary of existing certifications:
- March 2008 - Altix 4700/450, Altix XE -- RHEL5.1, LSPP/RBAC/CAPP, EAL4+
  - Controlled Access Protection Profile, Version 1.d (equiv to Irix)
  - Labeled Security Protection Profile, Version 1.b (equiv to TRIX)
  - Role Based Access Control Protection Profile Version 1.0 (new)
  - NIAP cert listing: http://www.niap-ccevs.org/cc-scheme/st/vid10286/
- October 2006 - Altix 4700/450 -- RHEL4, CAPP, EAL3+
- October 2005 - Altix Bx2/350 -- SLES9, CAPP, EAL3+
As of October 2006, Red Hat Enterprise Linux v. 4 (update 4) running on Altix achieved certification for the Controlled Access Protection Profile (CAPP) at Evaluation Assurance Level (EAL) 3+. This certification was completed by NIAP in the US and covers all Altix servers, including the Altix 4700.
As of October 2005, SUSE™ LINUX Enterprise Server running on the Altix® 3700 Bx2 supercomputer and Altix® 350 mid-range servers has been certified for the Controlled Access Protection Profile (CAPP) at Evaluation Assurance Level 3+ (EAL3+).