Compliant Product - Red Hat Enterprise Linux 7.6
Certificate Date: 2020.07.17CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11039-2020
Product Type: Operating System
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for General Purpose Operating Systems Version 4.2.1
Extended Package for Secure Shell (SSH) Version 1.0
CC Testing Lab: Acumen Security
Red Hat® Enterprise Linux® is the world’s leading enterprise Linux platform. It’s an open source operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality. The TOE also supports secure connectivity with several other IT environment devices as described in Table 1 below,
The TOE itself does not have physical boundaries; however, the TOE was evaluated on a Dell Inc. PowerEdge R630 with an Intel(R) Xeon(R) E5-2620v4 processor.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Red Hat Enterprise Linux 7.6 was evaluated is described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1. The product, when delivered configured as identified in the RHEL 7.6 Common Criteria Configuration for GPOSPP version 4.2.1, satisfies all of the security functional requirements stated in the Red Hat Enterprise Linux 7.6 Security Target version 1.1 The project underwent CCEVS Validator review. The evaluation was completed in June 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE provides the security functionality required by [GPOSPP] and [SSHEP].
The TOE generates and stores audit events using the Lightweight Audit Framework (LAF). The LAF is designed to be an audit system making Linux compliant with the requirements from Common Criteria by intercepting all system calls and receiving audit events from privileged user space applications. The framework allows configuring the events to be recorded from the set of all events that are possible to be audited. Each audit record contains the date and time of event, type of event, subject identity, user identity and results (success/fail) of the action if applicable.
The TOE provides a broad range of cryptographic support; providing SSHv2 and TLSv1.2 protocol implementations in addition to individual cryptographic algorithms.
The cryptographic services provided by the TOE are described below.
Table 2 TOE Cryptographic Protocols
The TOE includes two cryptographic libraries/implementations. Each of these cryptographic algorithms has been validated for conformance to the requirements specified in their respective standards, as identified below.
The OpenSSL library provides TLS Client functions that may be used by applications. The OpenSSL library also provides the cryptographic algorithms for the SSH Client, SSH Server, and Secure Boot functionality.
The NSS library provides cryptographic algorithms for Trusted Update functionality.
User Data Protection
Discretionary Access Control (DAC) allows the TOE to assign owners to file system objects and Inter-Process Communication (IPC) objects. The owners are allowed to modify Unix-type permission bits for these objects to permit or deny access for other users or groups. The DAC mechanism also ensures that untrusted users cannot tamper with the TOE mechanisms.
The TOE also implements POSIX Access Control Lists (ACLs) that allow the specification of the access to individual file system objects down to the granularity of a single user.
Identification and Authentication
User identification and authentication in the TOE includes all forms of interactive login (e.g. using the SSH protocol or log in at the local console) as well as identity changes through the su or sudo command. These all rely on explicit authentication information provided interactively by a user.
The authentication security function allows password-based authentication. For SSH access, public-key-based authentication is also supported.
Password quality enforcement mechanisms are offered by the TOE which are enforced at the time when the password is changed.
The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of TSF.
Protection of the TSF
The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following self-protection mechanisms are implemented and enforced:
· Address Space Layout Randomization for user space code.
· Stack buffer overflow protection using stack canaries.
· Secure Boot ensuring that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with.
· Updates to the operating system are only installed after their signatures have been successfully validated.
The TOE displays informative banners before users are allowed to establish a session.
The TOE supports TLSv1.2 and SSHv2 to secure remote communications. Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2.
Red Hat, Inc.
+1 919 754 4950
+1 919 800 3804