The target of evaluation (TOE) is the operating system Red Hat Enterprise Linux Version 5.1. The TOE is a general purpose; multi-user, multi-tasking Linux based operating system, which provides a platform for a variety of applications. The evaluation covers a potentially distributed, but closed network of SGI Altix and SGI Altix XE servers running the evaluated version of Red Hat Enterprise Linux. The hardware platforms selected for the evaluation consist of machines which are available when the evaluation was completed and are expected to remain available for a substantial period of time afterwards.
\r\nThe TOE Security Functions (TSF) consist of operating system functions that run in kernel mode plus some trusted processes. These are the functions that enforce the security policy as defined in the Security Target. Tools and commands executed in user mode that are used by an administrative user must also be trusted to manage the system in a secure way. The basic tools required for the secure configuration and management of the TOE are included as part of the TSF in this evaluation.
","evaluation_configuration":null,"security_evaluation_summary":"The Red Hat Enterprise Linux Version 5.1 was evaluated against the Common Criteria for Information Technology Security Evaluation, Version 3.1, by the atsec information security corporation Common Criteria Testing Laboratory (CCTL). The evaluation methodology used was the Common Methodology for Information Technology Security Evaluation, Version 3.1. The CCTL concluded that the TOE Common Criteria Part 2 extended and Part 3 conformant, with a claimed Evaluation Assurance Level of EAL4 augmented by ALC_FLR.3. The extensions to part 2 of the Common Criteria are those introduced by the Controlled Access Protection Profile [CAPP], the Role Based Access Control [RBAC] profile and the Labeled Security Protection Profile [LSPP]. The validation was conducted by NIAP™s Common Criteria Evaluation and Validation Scheme (CCEVS). The evaluation was completed on 27 March, 2008.
","environmental_strengths":"Red Hat Enterprise Linux provides the security functionality to meet the Controlled Access Protection Profile requirements. The following are the security features available:
\r\nIdentification and Authentication: The TOE provides identification and authentication using pluggable authentication modules (PAM) based upon user passwords. The quality of the passwords used can be enforced through configuration options controlled by the TOE. Other authentication methods (e. g. Kerberos authentication, token based authentication) that are supported by the TOE as pluggable authentication modules are not part of the evaluated configuration. Functions ensure a basic password strength and limit the use of the su command and restrict root login to specific terminals are also included.
\r\nAudit: The TOE provides the capability to audit a large number of events including individual system calls as well as events generated by trusted processes. Audit data is collected in regular files in ASCII format. The TOE provides a program for the purpose of searching the audit records. The system administrator can define a rule base to restrict auditing to the events he is interested in. This includes the ability to restrict auditing to specific events, specific users, specific objects or a combination of all of this.
\r\nDiscretionary Access Control: Discretionary Access Control (DAC) restricts access to file system objects based on Access Control Lists (ACLs) that include the standard UNIX permissions for user, group and others. Access control mechanisms also protect IPC objects from unauthorized access. The TOE includes the ext3 file system, which supports POSIX ACLs. This allows defining access rights to files within this type of file system down to the granularity of a single user.
\r\nMandatory Access Control: Mandatory Access Control (MAC) restricts access to object based on labels assigned to subjects and objects. The TOE implements the Bell-LaPadula access control ruleset which is based on labels with a hierarchical sensitivity label and a set of non-hierarchical categories. MAC is available in LSPP mode only.
\r\nRole-based Access Control: Role-based Access Control (RBAC) restricts access to objects based on roles assigned to subjects. The TOE allows the specification of roles, the assignment of users to roles and the definition of the capability of roles. RBAC is available in LSPP mode only.
\r\nObject Reuse: File system objects as well as memory and IPC objects will be cleared before they can be reused by a process belonging to a different user.
\r\nSecurity Management: The management of the security critical parameters of the TOE is performed by administrative users. A set of commands that require root privileges, are used for system management. Security parameters are stored in specific files that are protected by the access control mechanisms of the TOE against unauthorized access by users that are not administrative users.
\r\nSecure Communication: The TOE supports the definition of trusted channels using either the SSH v2 or the SSL v3 protocol. In the case of SSH the TOE includes the SSH server and client functions. Password based authentication is supported. To use the SSL v3 protocol the TOE provides the Stunnel client and server functions. Only a restricted number of cipher suites are supported for those protocols in the evaluated configuration. They are listed in the Security Target.
\r\nTSF Protection: While in operation, the kernel software and data are protected by the hardware memory protection mechanisms. The memory and process management components of the kernel ensure a user process cannot access kernel storage or storage belonging to other processes. Non-kernel TSF software and data are protected by DAC/MAC/RBAC and process isolation mechanisms. In the evaluated configuration, the reserved user ID root owns the directories and files that define the TSF configuration. In general, files and directories containing internal TSF data (e.g., configuration files, batch job queues) are also protected from reading by DAC/MAC/RBAC permissions. The TOE and the hardware and firmware components are required to be physically protected from unauthorized access. The system kernel mediates all access to the hardware mechanisms themselves, other than program visible CPU instruction functions.
\r\nThe cryptography used in this product was tested using a cipher compliance test approach, which used the methodology proscribed by the NIST Cryptographic Algorithm Validation Scheme. Those security functions included as FIPS Approved functions were tested by the cryptographic test laboratory and validated by NIST's Cryptographic Algorithm Validation Program. The accredited laboratory used the CAVS tool version 5.1. A similar test methodology to that used by NIST was developed for the non-FIPS Approved RC4 algorithm using the ARCFOUR definition as a reference implementation, in order to test for successful implementation of the algorithm. The method is described in the laboratory's “Developed Methods”. The testing for implementation correctness of this algorithm (RC4) was NOT validated by NIST nor any other independent third party.
\r\n\r\n
\r\n