Auditing; Self-Tests; Access Controls; Security-Enhanced Linux Support - Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual

Auditing

4.11. Auditing
The Certificate System maintains audit logs for all events, such as requesting, issuing and revoking
certificates and publishing CRLs. These logs are then signed. This allows authorized access or activity
to be detected. An outside auditor can then audit the system if required. The assigned auditor user
account is the only account which can view the signed audit logs. This user's certificate is used to sign
and encrypt the logs. Audit logging is configured to specify the events that are logged.

4.12. Self-Tests

The Certificate System provides the framework for system self-tests that are automatically run at
startup and can be run on demand. A set of configurable self-tests are already included with the
Certificate System.

4.13. Access Controls

Certificate System users can be assigned to groups, and they then have the privileges of whichever
group they are members. A user only has privileges for the instance of the subsystem in which the
user is created and the privileges of the group to which the user is a member.
The Certificate System provides an authorization framework for creating groups and assigning access
control to those groups. The default access control on preexisting groups can be modified, and access
control can be assigned to individual users and IP addresses. Access points for authorization have
been created for the major portions of the system, and access control rules can be set for each point.
The Certificate System is configured by default with four user types with different access levels to the
system:
• Administrators, who can perform any administrative or configuration task for a subsystem.
• Agents, who perform PKI management tasks, like approving certificate requests, managing token
enrollments, or recovering keys.
• Auditors, who can view and configure audit logs.
• Trusted managers, which are subsystems with trusted relationship with another subsystem.
Additionally, when a security domain is created, the CA subsystem which hosts the domain is
automatically granted the role of Security Domain Administrator, which gives the subsystem the
ability to manage the security domain and the subsystem instances within it. Other security domain
administrator roles can be created for the different subsystem instances.

4.14. Security-Enhanced Linux Support

SELinux is a collection of mandatory access control rules which are enforced across a system to
restrict unauthorized access and tampering. SELinux is described in more detail in the Red Hat
1
"Introduction to SELinux"
Enterprise Linux documentation, such as in the Red Hat Enterprise Linux
Deployment Guide.
Basically, SELinux identifies objects on a system, which can be files, directories, users, processes,
sockets, or any other resource on a Linux host. These objects correspond to the Linux API objects.
1
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-selinux.html
51