{"product_id":10072,"v_id":10072,"product_name":"Red Hat Enterprise Linux (RHEL) Version 4 Update 1 AS and Red Hat Enterprise Linux (RHEL) Version 4 Update 1 WS","certification_status":"Not Certified","certification_date":"2006-01-26T00:01:00Z","tech_type":"Operating System","vendor_id":{"name":"IBM Corporation","website":"https://www.ibm.com"},"vendor_poc":"George Wilson","vendor_phone":"512-286-9271","vendor_email":"gcwilson@us.ibm.com","assigned_lab":{"cctl_name":"atsec information security corporation"},"product_description":"<p>Red Hat Enterprise Linux 4 (RHEL) AS Update 1 and WS Update 1 are general-purpose, multi-user, multi-tasking Linux-based operating systems which provide a platform for a variety of applications in both governmental and commercial environments. The evaluation covers a potentially distributed, but closed network of IBM xSeries (including Intel Xeon, Intel Xeon EM64T and AMD Opteron based systems), pSeries, iSeries, zSeries, eServer, and IBM BladeCenter.</p>\r\n<p>RHEL 4 is available on a broad range of computer systems, ranging from departmental servers to multi-processor enterprise servers.</p>\r\n<p>The RHEL security features include: standard Unix permission bits and POSIX-compliant Access Control Lists (ACLs) that implement a discretionary access control policy; identification and authentication capability to control access to the system; object reuse functionality, domain separation, an audit trail capability; and administrator tools for managing the security functions.</p>\r\n<p>The kernel, which implements the fundamental protection mechanisms of the product, executes in the privileged state of the processor, and is protected from interference and tampering by the memory management mechanism of the hardware.
In turn, the kernel maintains separation of user processes through the implementation of per-process address spaces via process management functions.</p>\r\n<p>In addition to the kernel functionality, user space applications implement the following portions of the security functionality: the identification and authentication mechanism, including the maintenance of a user database; the storage of audit data to disk; the audit configuration mechanism; and the audit review mechanism. All management tools are implemented as part of the user space.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the RHEL4 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and National and International Interpretations effective on 2005-12-15. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2.</p>\r\n<p>The CCTL (atsec) determined that the evaluation assurance level (EAL) for the product is EAL 4, augmented with the CC Flaw Remediation (ALC_FLR) family of assurance requirements. The product, when configured as specified in the Evaluated Configuration Guide, satisfies all of the security functional requirements stated in the Security Target <strong><em>Red Hat Enterprise Linux Version 4 Update 1 Security Target for CAPP Compliance v 2.5</em></strong> and is conformant to the CAPP.
The evaluation was completed in December 2005. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-06-0009, dated 15 January 2006) prepared by CCEVS.</p>","environmental_strengths":"<p>Red Hat Enterprise Linux provides the security functionality to meet the Controlled Access Protection Profile requirements. Here are some examples of the security features available:</p>\r\n<p><strong>Security Audit:</strong> Provides administrator configurable audit of system events and user actions, as well as the ability to store audit records and protect them from unauthorized access.</p>\r\n<p><strong>User Data Protection:</strong> Enforces the Discretionary Access Control Policy on processes, users and file system objects. Permits only administrators and object owners to modify the access control attributes of named objects. Access Control Lists (ACLs) provide fine-grained control for files and directories.</p>\r\n<p><strong>Identification and Authentication:</strong> Identifies users, groups of users and checks authentication data.</p>\r\n<p><strong>Security Management:</strong> Provides a set of management tools for the authorized administrator to create, delete and modify users, groups and their authentication data and to manage the audit subsystem.</p>\r\n<p><strong>Protection of TOE Security Functions:</strong> Provides a tool which the administrator can run at will to verify the correct functioning of the TOE hardware; this includes tests for the zSeries, xSeries, iSeries, pSeries and AMD Opteron (TM) based systems. Protects the TSF from interference by untrusted programs.</p>","features":[]}