[redhat-lspp] File Integrity Tests from RBAC

Linda Knippers linda.knippers at hp.com
Tue Oct 4 17:20:15 UTC 2005


Steve Grubb wrote:
> On Tuesday 04 October 2005 12:29, Linda Knippers wrote:

> I'll agree that it should know the files and permissions, but will it
> know the labels and the contents of the config files?

If the labels and the contents of the config files matter (and
they would, wouldn't they?), then the configuration script would
verify or set the information at configuration time and then
be able to verify it later.

> Also, does it need to ensure that the version of the executable 
> hasn't been altered?

To meet FPT_TST.1.3, it probably would.

> And how do upgrades work? If there is a software update to fix a
> security problem, is the Integrity test suite now broken?

If only authorized users can install software, including security
updates, then the script could check that the software still matches
what was installed, either at configuration time or with an update, and
still has the appropriate permissions and labels as required
for the LSPP configuration.  If the configuration script is
changing permissions or labels, then you'd probably want to re-run
it after any update in case the update reset anything that the
configuration script changed.

-- ljk
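
The record-then-verify approach discussed in this message, as an added example that is not part of the original post or of any LSPP configuration script: it records each file's content hash, permissions, ownership and SELinux label at configuration time, reports drift later, and is re-baselined after an authorized update. The function names `snapshot`, `make_baseline` and `verify` are hypothetical.

```python
import hashlib
import os
import stat

# Hypothetical helper names; this is an illustration, not an LSPP tool.

def snapshot(path):
    """Record the attributes an integrity test would compare for one file."""
    st = os.lstat(path)
    try:
        # SELinux keeps the file label in this extended attribute (Linux only).
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
        label = raw.rstrip(b"\0").decode()
    except (OSError, AttributeError):
        label = None  # no label available on this filesystem or platform
    digest = None
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digest = h.hexdigest()
    return {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            "gid": st.st_gid, "label": label, "sha256": digest}

def make_baseline(paths):
    """Run at configuration time, and again after each authorized update."""
    return {p: snapshot(p) for p in paths}

def verify(baseline):
    """Return sorted (path, field) pairs that no longer match the baseline."""
    drift = []
    for path, expected in baseline.items():
        try:
            current = snapshot(path)
        except FileNotFoundError:
            drift.append((path, "missing"))
            continue
        drift.extend((path, k) for k in expected if current[k] != expected[k])
    return sorted(drift)
```

The baseline is only as trustworthy as its storage, so it has to live where only the authorized administrator who installs software can write it.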





