The Linux audit framework as shipped with this version of openSUSE Leap provides a CAPP-compliant (Controlled Access Protection Profiles) auditing system that reliably collects information about any security-relevant event. The audit records can be examined to determine whether any violation of the security policies has been committed, and by whom.
Providing an audit framework is an important requirement for a CC-CAPP/EAL (Common Criteria-Controlled Access Protection Profiles/Evaluation Assurance Level) certification. Common Criteria (CC) for Information Technology Security Information is an international standard for independent security evaluations. Common Criteria helps customers judge the security level of any IT product they intend to deploy in mission-critical setups.
Common Criteria security evaluations have two sets of evaluation requirements, functional and assurance requirements. Functional requirements describe the security attributes of the product under evaluation and are summarized under the Controlled Access Protection Profiles (CAPP). Assurance requirements are summarized under the Evaluation Assurance Level (EAL). EAL describes any activities that must take place for the evaluators to be confident that security attributes are present, effective and implemented. Examples for activities of this kind include documenting the developers' search for security vulnerabilities, the patch process, and testing.
This guide provides a basic understanding of how audit works and how it can be set up. For more information about Common Criteria itself, refer to the Common Criteria Web site.
本章では、シンプルな監査環境を構築するまでの説明を行っています。各手順には設定や監査の有効化に関する詳細な説明が含まれています。下記の内容を学習したあとは、 第42章 「監査ルールセットの紹介」 に示されている実際の例に読み進めてください。
下記の設定例では、どのようにして監査システムからお使いのシステムを監視することができるのかについて説明しています。また、 Controlled Access Protection Profile (CAPP) で指定されている監査対象のイベントをカバーするのに必要な項目について、主なものを紹介しています。
Linux 監査フレームワークに関しては、ここまでに説明したもの以外にも様々な情報源が用意されています: