Hey Mark,
I recently discovered that there are security hardened version of SUSE that are certified/accredited to EAL 3 and even EAL 4.
Does anyone have any experienced feedback on how restrictive these setups are?
We are looking to implement a data retreival system that access disks over NFS and tape drives over SCSI, but does little else. Would like to know if I could still do these simple things.
Regards,
Mark Armstrong
I'm not sure if one can call the evaluated configuration a "hardened" system. There are some configuration files for pam and account management and some predefined config files for some packages, resulting in stricter file modes (using permissions.eal4) and some unnecessary stuff turned off. There is a package called certification-sles-eal4 that is available in the SLES9 update trees. It contains * the so-called security guide, a step-by-step documentation to deliver the fresh install to the evaluated configuration, * a script that does the same semi- or fully automatically, * a set of config files that are being overwritten by the script, and * a list of packages that are required or tolerated in the installation. Have a look at http://ftp.suse.com/pub/people/draht/misc/eal4/ . I have put the contents of that package in there for you to have a look at it. Be aware that the "Common Criteria EAL4+ Evaluated Configuration Guide for SUSE LINUX Enterprise Server on IBM Hardware" is copyrighted by atsec GmbH, Klaus Weidner. The script has been written by me and Klaus. Thanks, Roman. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org