On Mon, 2004-08-02 at 11:29, Ferguson, Neale wrote:
> Paper: Achieving CAPP/EAL3+ Security Certification for Linux
> See:
> http://www-124.ibm.com/linux/presentations/ols2004/sec-cert-OLS_04.pdf
>
I tried 'securing' a server by following the recommendations associated with this paper. Basically, it works great for an idle server. The second I installed any sort of application (IHS or WebSphere) and tried to use the server for a purpose, all hell broke loose.

Auditing filled /var and I couldn't even log in to fix the problem. I couldn't stop the audit module because the audit, laus, and pam-laus pieces are so intertwined. I could only log in, after a reboot, if I stopped and restarted the ssh daemon. A simple ulimit -n 2048 wasn't authorized anymore. If I were more fluent in PAMese, I might have gotten around these issues, but the EAL3+ specifications are so strict that I don't see how any server can be expected to be used in a production environment.

I had to add 20+ packages to the package.tolerated list so I could install application software or manage the server. For example, LVM is not allowed, and we depend greatly on that for managing our DASD.

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390