IBM 10 SP1 EAL4 Manuale Utente

6 Mapping the TOE summary specification to the High-Level
Design

This chapter provides a mapping of the security functions of the TOE summary specification to the functions
described in this High-Level Design document.

6.1 Identification and authentication

Section 5.11 provides details of the SLES Identification and Authentication subsystem.

6.1.1 User identification and authentication data management (IA.1)

Section 5.11.2 provides details of the configuration files for user and authentication management.
Section 5.11.3.6 explains how a password can be changed.

6.1.2 Common authentication mechanism (IA.2)

Section 5.11.1 provides a description of PAM, which is used to implement the common authentication
mechanism for all the activities that create a user session.

6.1.3 Interactive login and related mechanisms (IA.3)

Section 5.11.3.3 provides a description of the interactive login process. Section 5.12.2 describes the process
of obtaining a shell from the remote system.

6.1.4 User identity changing (IA.4)

Section 5.11.3.7 provides a description of changing identity on the local system using the su command.

6.1.5 Login processing (IA.5)

Section 5.11.3.3 provides details of the login process and also a description of changing identity on the

local system.

6.2 Audit

Section 5.6 provides details of the Linux audit subsystem.

6.2.1 Audit configuration (AU.1)

Section 5.6.2 provides details of configuration of the audit subsystem to select events to be audited based on
rules defined in /etc/audit.rules audit configuration file. Section 5.15.3 describes how configuration

parameters are loaded into the SLES kernel.

6.2.2 Audit processing (AU.2)

Sections 5.6.1 and 5.6.1.2 provide details of how processes attach and detach themselves from the audit
subsystem. Section 5.15.1 describes the audit daemon and how it reads audit data from the kernel buffer and
writes audit records to a disk file.

218