Question: C2 Security Configuration for general Unix and Solaris/Trusted Solaris (Auditing)


Post by William Are » Sun, 22 Feb 2004 08:10:45



While reviewing the DoD 5200.28-STD "DEPARTMENT OF DEFENSE TRUSTED
COMPUTER SYSTEM EVALUATION CRITERIA" document and looking over
"Security Requirements for Automatic Data Processing (ADP)
Systems," for Federal systems requiring C2 compliance I realized
that I do not understand the distinction between Solaris and
Trusted Solaris.

On the issue of Accountability (auditing):

 1. Can Unix machines using only the syslogd facility meet 'C2'
    or higher?

 2. Does Trusted Solaris offer any system resource advantage
    (CPU and Disk utilization) over Solaris using BSM when
    the need for accountability requires 'C2' level of logging?

Solaris OE SunSHIELD Basic Security Module (BSM)


Post by grog » Sun, 22 Feb 2004 20:26:21




> While reviewing the DoD 5200.28-STD "DEPARTMENT OF DEFENSE TRUSTED
> COMPUTER SYSTEM EVALUATION CRITERIA" document and looking over
> "Security Requirements for Automatic Data Processing (ADP)
> Systems," for Federal systems requiring C2 compliance I realized
> that I do not understand the distinction between Solaris and
> Trusted Solaris.

Trusted Solaris assigns "labels" to all the files, data, devices, users
and processes and takes great pains to make sure that everything with
the same label is isolated from stuff with other labels, subject to
exceptions defined by a user called the "security manager".  This is
called mandatory security because the users have no choice in what the
labels are or how they are managed.  (Well, the security manager can
specify all that when the OS is first installed, but that's it.)  In
addition to that, TSOL employs the familiar concepts of users, groups
and permissions (the discretionary security stuff).

Regular Solaris has no concept of labels.  It simply employs the
concepts of users, groups and permission settings.

> On the issue of Accountability (auditing):

>  1. Can Unix machines using only the syslogd facility meet 'C2'
>     or higher?

Not sure, but I doubt it.  I think you need to log more detail than
syslog offers.  (We need a syslog expert for this one.)

>  2. Does Trusted Solaris offer any system resource advantage
>     (CPU and Disk utilization) over Solaris using BSM when
>     the need for accountability requires 'C2' level of logging?

Not that I've seen.


Post by William Are » Fri, 27 Feb 2004 13:32:10


Thanks for the clarification. I am starting to understand the
Trusted Solaris distinction.

About the syslog issue, it turns out that without "kernel level logging",
you cannot get the necessary auditing that is called for to meet C2.

For Solaris, turning on BSM and rebooting the server provides C2 logging,
but has the potential to consume your resources.





Post by Erlend Legange » Sat, 28 Feb 2004 05:57:51


Just FYI, I know that within NATO, you can get C2 certification by using an
evaluated version of Solaris (the latest is Solaris 8 02/02) and then setting it
up according to the Security Release Notes:

http://wwws.sun.com/software/security/securitycert/docs/SRN_1.1.pdf

This includes a lot of settings (and also BSM), but is pretty
straightforward. You are stuck with Solaris 8 though.

See http://wwws.sun.com/software/security/securitycert/ for more details.

- Erlend Leganger


Post by jspe.. » Wed, 03 Mar 2004 11:52:13


You can also install an access control product like Access Control For
Unix from CA. Properly configured, it is rated all the way up to B2.


Post by pete » Sun, 01 Jan 2006 08:30:54




syslogd is just a messaging system; it does not log any detail at all.
Applications and programs send messages to syslogd using either the
logger application or the syslog API.
syslog.conf specifies where each class of log is sent to by syslogd.
You need to configure applications using syslogd to make use of their
syslog API functions.
For example, inetd can have connection tracking reported to syslog with
the necessary switch, ftpd can log more detail with the necessary
switch, and ssh has some config options to vary the detail reported via
the syslog API.
syslog is not C2; it is basic security logging.

Don't even consider process accounting for security logging!

C2 security logging, i.e. BSM in Solaris, assigns a tracking number to a
user when they log in. Every event they carry out, even when they switch
user, is logged against that tracking number. Creation and deletion of
files, updates, anything that requires a kernel system call is recorded
through BSM against that tracking ID.
Yes, it consumes lots of resources, up to 10% of CPU on a box being
properly utilised, and potentially many gigabytes of logging data a
day.
BSM is no good on its own, as no human could possibly review this vast
amount of data, and should be used in conjunction with a product such as
ISS RealSecure to pull the data off and analyse it in real time.

Regards, Peter
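Added example, not code from any post in this thread: the BSM switch-on that William Are describes (BSM on, then reboot) and a query that shows what Peter means by the tracking number, which Solaris calls the audit ID. It assumes the Solaris 8 audit tools (bsmconv, auditconfig, audit, auditreduce, praudit) and the audit_control(4) file format; the audit class letters and the audit_startup location are taken from Solaris 8 documentation, not from the thread.

```shell
#!/bin/sh
# Added example: enable Solaris 8 BSM and pull one user's trail back out by
# audit ID.  The Solaris-only commands run inside enable_bsm, after_reboot and
# trail_for_user, so write_audit_control can be exercised on any host.

# Write an audit_control file to the path given in $1.
#   lo = login/logout   ad = administrative   ex = exec
#   fc/fd = file create/delete   pc = process control (fork, exit, su, ...)
# "flags" preselects classes for attributable (logged-in) sessions, "naflags"
# for non-attributable events.  Adding fw (every successful file write) is what
# turns the trail into the gigabytes-per-day volume described above.
write_audit_control() {
    cat > "$1" <<'EOF'
dir:/var/audit
flags:lo,ad,ex,fc,fd,pc
minfree:20
naflags:lo,ad
EOF
}

# Step 1 (as root): install the config and convert the host to BSM.  bsmconv
# edits the boot files; the kernel audit module is active only after a reboot.
enable_bsm() {
    write_audit_control /etc/security/audit_control
    /etc/security/bsmconv
    echo "reboot required before auditing starts" >&2
}

# Step 2 (after the reboot): record exec arguments so the trail shows full
# command lines, then make auditd re-read audit_control.  Assumption: the
# auditconfig line also belongs in /etc/security/audit_startup so the policy
# survives the next boot.
after_reboot() {
    auditconfig -setpolicy +argv
    audit -s
}

# Everything a person did, selected by audit ID ($1 = login name).  The audit
# ID is fixed at login and does not change on su, so commands run as root after
# "su" still come back under the original user; -l prints one record per line.
trail_for_user() {
    auditreduce -u "$1" | praudit -l
}
```
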
