Understanding Linux Audit - Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual

30

Understanding Linux Audit

The Linux audit framework as shipped with this version of SUSE Linux Enterprise
Desktop provides a CAPP-compliant (Controlled Access Protection Profiles) auditing
system that reliably collects information about any security-relevant events. The audit
records can be examined to determine whether any violation of the security policies
has been committed and by whom.
Providing an audit framework is an important requirement for a CC-CAPP/EAL
(Common Criteria-Controlled Access Protection Profiles/Evaluation Assurance Level)
certification. Common Criteria (CC) for Information Technology Security Information
is an international standard for independent security evaluations. Common Criteria
helps customers judge the security level of any IT product they intend to deploy in
mission-critical setups.
Common Criteria security evaluations have two sets of evaluation requirements, func-
tional and assurance requirements. Functional requirements describe the security at-
tributes of the product under evaluation and are summarized under the Controlled Access
Protection Profiles (CAPP). Assurance requirements are summarized under the Evalu-
ation Assurance Level (EAL). EAL describes any activities that must take place for the
evaluators to be confident that security attributes are present, effective, and implemented.
Examples for activities of this kind include documenting the developers' search for se-
curity vulnerabilities, the patch process, and testing.
This guide provides a basic understanding of how audit works and how it can be set
up. For more information about Common Criteria itself, refer to the Common Criteria
Web site [http://www.commoncriteriaportal.org/].
Understanding Linux Audit 335