Slashdot Mirror


Auditing for Linux?

steelwraith asks: "I'm a contractor working for a DoD agency, and there has been an on-going firefight over whether to allow Linux to be used within the agency, with a possibility of this spilling over into DoD as a whole. Does anyone know of a project to create or port auditing into any of the Linux distributions? This is a major hurdle to the widespread adoption of Linux in the government; while it has a toe hold in places already, I fear it could be cut off before it has a chance to show its worth."

"A quick search of several sites (I'm under the gun, so I don't have a lot of time to do research) shows that there are no add-ons to Linux to allow C2 level auditing (a la BSM in Solaris). This is one of the primary arguments left for the side that want to deep-six Linux in the agency (on top of the requirement for a vendor integrity statement of some kind)."

2 of 118 comments

  1. SGI is working on this by fialar · Score: 5

    I attended a Linux University workshop from SGI last Friday and at the Linux Security breakout session, the gentleman from SGI who does a lot of work with the NSA and the government said that SGI is working on making Linux C2 and B1 compliant. These should be finalized sometime next year. Auditing is one of the components that still needs to be worked on just to make Linux at least C2 compliant.

    For the B1 compliancy, there have to be further security checks (like mandatory security access on the FS).

    A lot of this good stuff will be coming from IRIX, which has been pretty secure in and of itself.
    We should be seeing a lot of security added to Linux this year.

    Fialar

  2. Security Auditing for Linux by Crispin Cowan · Score: 5

    There are two projects you may be interested in. The first is the Linux BSM project at U.C. Davis (home of an excellent security research lab by the way). The project's goal is to provide TCSEC-compliant auditing for Linux. They appear to have made reasonable progress. The last update to the web page was Feb. 15.

    The second project you may want to consider is that SGI is building an "orange book" Linux, with a goal of C2 by October, and B1 by next spring.

    Note that this question was posted to Slashdot last year so you probably want to go check out the responses there.

    Finally, while I'm here, I'll plug my own security-hardened Linux distro: Immunix. Immunix is not TCSEC compliant or anything like that. Rather, it is designed to be extremely difficult to break into, while preserving a high degree of Linux compatibility. Currently, it is just Red Hat hardened with StackGuard, but we will be releasing additional security technologies shortly.

    Crispin
    -------
    CTO, WireX Communications, Inc.
    Immunix: Free hardened Linux