Slashdot Mirror

← Back to Stories (view on slashdot.org)

Red Hat Linux Gets Top Govt. Security Rating

Posted by CmdrTaco on from the take-that-to-yer-boss-and-shove-it dept.

zakeria writes "Red Hat Linux has received a new level of security certification that should make the software more appealing to some government agencies. Earlier this month IBM was able to achieve EAL4 Augmented with ALC_FLR.3 certification for Red Hat Enterprise Linux, putting it on a par with Sun Microsystems Inc.'s Trusted Solaris operating system, said Dan Frye, vice president of open systems with IBM."

5 of 128 comments (clear)

  1. CentOS too? by frankenheinz · · Score: 3, Interesting

    So does CentOS get some sort of auto cert then?

    --
    The law is not an ass. No really.
  2. Re:For people who don't grok EAL4 and ALC_FLR.3 by crush · · Score: 5, Interesting

    It's worth pointing out that this is actually equivalent to a "B1" TCSEC rating http://en.wikipedia.org/wiki/TCSEC and that it's impossible to get any higher rating for a commodity operating system. This is all specifically due to the SELinux support in Red Hat EL (and consequently CentOS and Fedora and other derivatives). Supposedly SuSE/Novell are trying to achieve this rating ATM but due to the limitations of AppArmor compared to SELinux it seems unlikely that they will.

  3. Re:Hrmm. Not good enough for the average user by jimstapleton · · Score: 3, Interesting

    Are you naturally this off topic, or did it take effort.

    Ignoring for the the moment I agree with *some* of your points, Linux on the desktop has nothing to do with this post, it is entirely about Linux as an enterprise grade server OS.

    --
    34486853790
    Connection too slow for X forwarding? Try "ssh -CX user@host"
  4. Only as secure as its least secure member... by TheGreatHegemon · · Score: 3, Interesting

    Make no mistake; the OS does make a good deal of difference for security in some respects. However, it seems to me that most security leaks come from HUMAN error. With respect to that, Red Hat does nothing (nor could I expect it to...). Nice to know that Linux can at least be recognized this way, at least.

  5. Yeah yeah. But what does it /mean/? by jimicus · · Score: 3, Interesting

    Any idiot can build a Linux system which runs absolutely no services whatsoever and SELinux to delegate authority appropriately with modern RedHat versions.

    What's more interesting is does the resulting system do anything useful? Web server? Mail server? DNS? File server?

    Do you lose certification as soon as any extra services are running? In which case, it's fairly meaningless because the certification only applies if the system is broadly useless.