Red Hat Enterprise Linux, Version 6.2 On 32 Bit X86 .


Red Hat Enterprise Linux, Version 6.2 on 32 bit x86 Architecture
Version: 2.6
Status: Released
Last Update: 2014-08-12
Classification: Public

Red Hat, Inc.
Red Hat Enterprise Linux, Version 6.2 on 32 bit x86 Architecture

Trademarks

Red Hat and the Red Hat logo are trademarks or registered trademarks of Red Hat, Inc. in the United States, other countries, or both.
atsec is a trademark of atsec information security GmbH
Linux is a registered trademark of Linus Torvalds.
UNIX is a registered trademark of The Open Group in the United States and other countries.
IBM, IBM logo, bladecenter, eServer, iSeries, OS/400, , POWER3, POWER4, POWER4 , pSeries, System p, POWER5, POWER5 , POWER6, POWER6 , POWER7, POWER7 , System x, System z, S390, xSeries, zSeries, zArchitecture, and z/VM are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both.
Intel, Xeon, and Pentium are trademarks of Intel Corporation in the United States, other countries, or both.
This document is based in parts on the Red Hat Enterprise Linux Version 6.2 Security Target, Copyright 2012 by Red Hat, Inc. and atsec information security corp.

Legal Notice

This document is provided AS IS with no express or implied warranties. Use the information in this document at your own risk.
This document may be reproduced or distributed in any form without prior permission provided the copyright notice is retained on all copies. Modified versions of this document may be freely distributed provided that they are clearly identified as such, and this copyright is included intact.

Revision History

Revision  Date        Author(s)        Changes to Previous Revision
2.0       2013-10-08  Stephan Mueller  Initial version of ST
2.1       2013-11-07  Stephan Mueller  Evaluator comments
2.2       2013-12-20  Stephan Mueller  Editorial changes
2.3       2014-02-06  Stephan Mueller  Remove init from partial RELRO claim
2.4       2014-03-17  Stephan Mueller  Refer to 6.2.z packages
2.5       2014-03-26  Stephan Mueller  Editorial fixes
2.6       2014-08-12  Stephan Mueller  Changes based on BSI comments

Version: 2.6
Last update: 2014-08-12
Classification: Public
Copyright 2014 by Red Hat and atsec information security
Page 2 of 100

Table of Contents

1 Introduction
1.1 Security Target Identification
1.2 TOE Identification
1.3 TOE Type
1.4 TOE Overview
1.4.1 Configurations defined with this ST
1.4.2 Overview description
1.4.3 Compliance with STIG and other standards
1.4.4 Required Hardware and Software
1.4.5 Intended Method of Use
1.4.5.1 General-purpose computing environment
1.4.5.2 Operating environment
1.4.6 Major Security Features
1.5 TOE Description
1.5.1 Introduction
1.5.2 TOE boundaries
1.5.2.1 Physical
1.5.2.2 Logical
1.5.2.3 Configurations
1.5.2.4 TOE Environment
1.5.2.5 Security Policy Model
2 CC Conformance Claim
3 Security Problem Definition
3.1 Threat Environment
3.1.1 Assets
3.1.2 Threat Agents
3.1.3 Threats countered by the TOE
3.2 Assumptions
3.2.1 Environment of use of the TOE
3.2.1.1 Physical
3.2.1.2 Personnel
3.2.1.3 Procedural
3.2.1.4 Connectivity
3.3 Organizational Security Policies
4 Security Objectives
4.1 Objectives for the TOE
4.2 Objectives for the Operational Environment
4.3 Security Objectives Rationale
4.3.1 Coverage
4.3.2 Sufficiency
5 Extended Components Definition
5.1 Class FCS: Cryptographic support

5.1.1 Random number generation (RNG)
5.1.1.1 FCS_RNG.1 - Random number generation (Class DRG.2)
5.2 Class FDP: User data protection
5.2.1 Confidentiality protection (FDP_CDP)
5.2.1.1 FDP_CDP.1 - Confidentiality for data at rest
6 Security Requirements
6.1 TOE Security Functional Requirements
6.1.1 General-purpose computing environment
6.1.1.1 Audit data generation (FAU_GEN.1)
6.1.1.2 User identity association (FAU_GEN.2)
6.1.1.3 Audit review (FAU_SAR.1)
6.1.1.4 Restricted audit review (FAU_SAR.2)
6.1.1.5 Selectable audit review [OSPP-AUD] (FAU_SAR.3(AUD))
6.1.1.6 Selective audit (FAU_SEL.1)
6.1.1.7 Protected audit trail storage (FAU_STG.1)
6.1.1.8 Action in case of possible audit data loss (FAU_STG.3)
6.1.1.9 Prevention of audit data loss (FAU_STG.4)
6.1.1.10 Cryptographic key generation (FCS_CKM.1(SYM))
6.1.1.11 Cryptographic key generation (FCS_CKM.1(RSA))
6.1.1.12 Cryptographic key generation (FCS_CKM.1(DSA))
6.1.1.13 Cryptographic key distribution (FCS_CKM.2(NET))
6.1.1.14 Cryptographic key destruction (FCS_CKM.4)
6.1.1.15 Cryptographic operation (FCS_COP.1(NET))
6.1.1.16 Cryptographic operation (FCS_COP.1(CP))
6.1.1.17 Random number generation (Class DRG.2) (FCS_RNG.1(SSH-DFLT))
6.1.1.18 Random number generation (Class DRG.2) (FCS_RNG.1(SSH-FIPS))
6.1.1.19 Random number generation (Class DRG.2) (FCS_RNG.1(DM-INIT))
6.1.1.20 Random number generation (Class DRG.2) (FCS_RNG.1(DM-RUN))
6.1.1.21 Random number generation (Class DRG.2) (FCS_RNG.1(DM-FIPS))
6.1.1.22 Subset access control (FDP_ACC.1(PSO))
6.1.1.23 Subset access control (FDP_ACC.1(TSO))
6.1.1.24 Security attribute based access control (FDP_ACF.1(PSO))
6.1.1.25 Security attribute based access control (FDP_ACF.1(TSO))
6.1.1.26 Complete information flow control (FDP_IFC.2(NI))
6.1.1.27 Simple security attributes (FDP_IFF.1(NI-IPTables))
6.1.1.28 Simple security attributes (FDP_IFF.1(NI-ebtables))
6.1.1.29 Import of user data with security attributes (FDP_ITC.2(BA))
6.1.1.30 Full residual information protection (FDP_RIP.2)
6.1.1.31 Full residual information protection of resources (FDP_RIP.3)
6.1.1.32 Authentication failure handling (FIA_AFL.1)
6.1.1.33 User attribute definition (FIA_ATD.1(HU))
6.1.1.34 User attribute definition (FIA_ATD.1(TU))
6.1.1.35 Verification of secrets (FIA_SOS.1)
6.1.1.36 Timing of authentication (FIA_UAU.1)
6.1.1.37 Multiple authentication mechanisms (FIA_UAU.5)

6.1.1.38 Protected authentication feedback (FIA_UAU.7)
6.1.1.39 Timing of identification (FIA_UID.1)
6.1.1.40 Enhanced user-subject binding (FIA_USB.2)
6.1.1.41 Failure with preservation of secure state - full buffer overflow protection (FPT_FLS.1(FULL))
6.1.1.42 Failure with preservation of secure state - partial buffer overflow protection (FPT_FLS.1(PARTIAL))
6.1.1.43 Reliable time stamps (FPT_STM.1)
6.1.1.44 Inter-TSF basic TSF data consistency (FPT_TDC.1(BA))
6.1.1.45 TSF-initiated session locking (FTA_SSL.1)
6.1.1.46 User-initiated locking (FTA_SSL.2)
6.1.1.47 Inter-TSF trusted channel (FTP_ITC.1)
6.1.2 Confidentiality protection of data at rest
6.1.2.1 Complete access control (FDP_ACC.2(CP))
6.1.2.2 Security attribute based access control (FDP_ACF.1(CP))
6.1.2.3 Confidentiality for data at rest (FDP_CDP.1(CP))
6.1.3 Management related functionality
6.1.3.1 Management of object security attributes (FMT_MSA.1(PSO))
6.1.3.2 Management of object security attributes (FMT_MSA.1(TSO))
6.1.3.3 Management of security attributes (FMT_MSA.1(CP))
6.1.3.4 Static attribute initialisation (FMT_MSA.3(PSO))
6.1.3.5 Static attribute initialisation (FMT_MSA.3(TSO))
6.1.3.6 Static attribute initialisation (FMT_MSA.3(NI))
6.1.3.7 Static attribute initialisation (FMT_MSA.3(CP))
6.1.3.8 Security attribute value inheritance (FMT_MSA.4(PSO))
6.1.3.9 Management of TSF data (FMT_MTD.1(AE))
6.1.3.10 Management of TSF data (FMT_MTD.1(AS))
6.1.3.11 Management of TSF data (FMT_MTD.1(AT))
6.1.3.12 Management of TSF data (FMT_MTD.1(AF))
6.1.3.13 Management of TSF data (FMT_MTD.1(NI))
6.1.3.14 Management of TSF data (FMT_MTD.1(IAT))
6.1.3.15 Management of TSF data (FMT_MTD.1(IAF))
6.1.3.16 Management of TSF data (FMT_MTD.1(IAU))
6.1.3.17 Management of TSF data (FMT_MTD.1(SSH))
6.1.3.18 Management of TSF data (FMT_MTD.1(SSL))
6.1.3.19 Management of TSF data [OSPP-AUD] (FMT_MTD.1(AUD-AE))
6.1.3.20 Management of TSF data [OSPP-AUD] (FMT_MTD.1(AUD-AS))
6.1.3.21 Management of TSF data [OSPP-AUD] (FMT_MTD.1(AUD-AT))
6.1.3.22 Management of TSF data [OSPP-AUD] (FMT_MTD.1(AUD-AF))
6.1.3.23 Management of TSF data (FMT_MTD.1(CP-AN))
6.1.3.24 Management of TSF data (FMT_MTD.1(CP-UD))
6.1.3.25 Revocation (FMT_REV.1(OBJ))
6.1.3.26 Revocation (FMT_REV.1(USR))
6.1.3.27 Specification of management functions (FMT_SMF.1)
6.1.3.28 Security management roles (FMT_SMR.2)

6.2 Security Functional Requirements Rationale
6.2.1 Coverage
6.2.2 Sufficiency
6.2.3 Security requirements dependency analysis
6.3 Security Assurance Requirements
6.4 Security Assurance Requirements Rationale
7 TOE Summary Specification
7.1 TOE Security Functionality
7.1.1 Audit
7.1.1.1 Audit functionality
7.1.1.2 Audit trail
7.1.1.3 Centralized audit collection and management
7.1.2 Cryptographic services
7.1.2.1 SSHv2 Protocol
7.1.3 Packet filter
7.1.3.1 Network layer filtering
7.1.3.2 Link layer filtering
7.1.4 Identification and Authentication
7.1.4.1 PAM-based identification and authentication mechanisms
7.1.4.2 User Identity Changing
7.1.4.3 Authentication Data Management
7.1.4.4 SSH key-based authentication
7.1.4.5 Session locking
7.1.5 Discretionary Access Control
7.1.5.1 Permission bits
7.1.5.2 Access Control Lists (ACLs)
7.1.5.3 File system objects
7.1.5.4 IPC objects
7.1.5.5 at and cron jobs queues
7.1.6 Confidentiality protected data storage
7.1.7 Security

