From owner-freebsd-stable@FreeBSD.ORG Wed Apr 20 11:49:24 2005 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A943016A4CE for ; Wed, 20 Apr 2005 11:49:24 +0000 (GMT) Received: from smtp-vbr12.xs4all.nl (smtp-vbr12.xs4all.nl [194.109.24.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id E9AE043D2F for ; Wed, 20 Apr 2005 11:49:23 +0000 (GMT) (envelope-from wb@freebie.xs4all.nl) Received: from freebie.xs4all.nl (freebie.xs4all.nl [213.84.32.253]) j3KBnMni005202; Wed, 20 Apr 2005 13:49:22 +0200 (CEST) (envelope-from wb@freebie.xs4all.nl) Received: from freebie.xs4all.nl (localhost [127.0.0.1]) by freebie.xs4all.nl (8.13.3/8.12.9) with ESMTP id j3KBnLfu047415; Wed, 20 Apr 2005 13:49:21 +0200 (CEST) (envelope-from wb@freebie.xs4all.nl) Received: (from wb@localhost) by freebie.xs4all.nl (8.13.3/8.13.1/Submit) id j3KBnLYg047414; Wed, 20 Apr 2005 13:49:21 +0200 (CEST) (envelope-from wb) Date: Wed, 20 Apr 2005 13:49:21 +0200 From: Wilko Bulte To: "Michael A. Koerber" Message-ID: <20050420114921.GA47399@freebie.xs4all.nl> References: <42664034.1060700@ll.mit.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42664034.1060700@ll.mit.edu> X-OS: FreeBSD 4.11-STABLE User-Agent: Mutt/1.5.6i X-Virus-Scanned: by XS4ALL Virus Scanner cc: freebsd-stable@freebsd.org Subject: Re: Meeting Security Requirements with FreeBSD X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Apr 2005 11:49:24 -0000 The local guru is Robert Watson You might also be interested in http://www.trustedbsd.org Wilko On Wed, Apr 20, 2005 at 07:42:44AM -0400, Michael A. Koerber wrote.. > All, > > 1. Currently FreeBSD (or any other BSD) doesn't seem to be on the list > of approved OS's for classified processing. I'm trying to obtain at > least local approval, but I don't speak the "security language" too > well. Any help would be greatly appreciated. > > 2. The unix's that are approved are Solaris and Redhat/Fedora. I have > reviewed the "PL1 Checklists" and it seems to me that Redhat/Linux might > be the closest set of requirements, so I'm working off that. > > 3. I've "mapped" most of the requirements to FreeBSD (basic unix stuff). > > 4. The major sticking point today is "Accesses to Security-Relevant > Objects". > > a. Under Redhat the requirement is "Implement Snare" or "Implement > LauS (Linux Auditing System". > > b. The Solaris equivalent requirement seems to be set up of the Basic > Security Model "BSM". > > I don't see either of these packages ported to BSD. What is the BSD > approach to meeting the (logging) requirements provided by the above > packages? I thought that MAC might be the answer, but I see nothing > about logging "events" in the manual. > > tnx > mike > -- > --------------------- > Dr Michael A. Koerber > x3250 > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" --- end of quoted text --- -- Wilko Bulte wilko@FreeBSD.org