1 Acumen Security, LLC. Document Version: 1.1 Red Hat Enterprise Linux 7.6 Security Target 2 Table Of Contents 1 Security Target Introduction.................................................................................................................5 1.1 Security Target and TOE Reference .................................................................................................5 1.2 TOE Overview...................................................................................................................................5 1.3 TOE Architecture..............................................................................................................................5 1.3.1 TOE Evaluated Configuration ....................................................................................................5 1.3.2 Physical Boundaries...................................................................................................................5 1.3.3 Security Functions provided by the TOE ...................................................................................5 1.3.4 TOE Documentation ..................................................................................................................8 1.3.5 Other References ......................................................................................................................8 2 Conformance Claims.............................................................................................................................9 2.1 CC Conformance ..............................................................................................................................9 2.2 Protection Profile Conformance ......................................................................................................9 2.3 Conformance Rationale ...................................................................................................................9 2.3.1 Technical Decisions ...................................................................................................................9 3 Security Problem Definition................................................................................................................10 3.1 Threats ...........................................................................................................................................10 3.2 Assumptions...................................................................................................................................10 3.3 Organizational Security Policies.....................................................................................................10 4 Security Objectives..............................................................................................................................11 4.1 Security Objectives for the Operational Environment...................................................................11 5 Security Requirements........................................................................................................................12 5.1 Conventions ...................................................................................................................................12 5.2 Security Functional requirements..................................................................................................13 5.2.1 Security Audit (FAU) ................................................................................................................13 5.2.2 Cryptographic Support (FCS)...................................................................................................14 5.2.3 User Data Protection (FDP) .....................................................................................................19 5.2.4 Identification and Authentication (FIA)...................................................................................19 5.2.5 Security Management (FMT)...................................................................................................20 5.2.6 Protection of the TSF (FPT)......................................................................................................21 5.2.7 TOE Access (FTA) .....................................................................................................................22 5.2.8 Trusted path/channels (FTP)...................................................................................................23 5.3 TOE SFR Dependencies Rationale for SFRs ....................................................................................23 5.4 Security Assurance Requirements .................................................................................................23 3 5.5 Rationale for Security Assurance Requirements ...........................................................................24 5.6 Assurance Measures......................................................................................................................24 6 TOE Summary Specification................................................................................................................26 6.1 Position Independent Executables ................................................................................................33 6.2 Cryptographic Keys ........................................................................................................................36 6.3 Stack Smashing Protection.............................................................................................................37 4 Revision History Version Date Description 0.1 January 2019 Initial Draft 0.2 May 2019 Updated with additional detail 0.3 July 2019 Updated based on Red Hat input and GPOS PP v4.2.1 0.4 August 2019 Updated based on test findings 0.5 August 2019 Minor updates 0.6 September 2019 Minor updates 0.7 February 2020 Updated claims. 0.8 March 2020 Updated TDs. 0.9 April 2020 Updated based on internal review. 1.0 April 2020 Updated for submission. 1.1 June 2020 Updated based on ECR comments. 5 1 Security Target Introduction 1.1 Security Target and TOE Reference This section provides information needed to identify and control this ST and its TOE. Category Identifier ST Title Red Hat Enterprise Linux 7.6 Security Target ST Version 1.1 ST Date June 2020 ST Author Acumen Security, LLC. TOE Identifier Red Hat Enterprise Linux TOE Software Version 7.6 TOE Developer Red Hat, Inc. Key Words Operating System, SSH, TLS, Linux Table 1 TOE/ST Identification 1.2 TOE Overview Red Hat® Enterprise Linux® is the world’s leading enterprise Linux platform. It’s an open source operating system (OS) that supports multiple users, user permissions, access controls, and cryptographic functionality. 1.3 TOE Architecture 1.3.1 TOE Evaluated Configuration The TOE also supports secure connectivity with several other IT environment devices as described in Table 2 below, Component Required Usage/Purpose Description for TOE performance TOE HW Platform Yes x86_64 platform to run the TOE on. The platform must protect the TOE from hardware vulnerabilities, support UEFI Secure Boot, and provide network connectivity. Workstation with SSH Client No This includes any IT Environment Management workstation with an SSH client installed that is used by the TOE users (including administrators) to remotely connect to the TOE through SSH protected channels. Any SSH client that supports SSHv2 may be used. Audit Server No The audit server is used for remote storage of audit records that have been generated by and transmitted from the TOE. Update Server Yes Provides the ability to check for updates to the TOE as well as providing signed updates. Table 2 IT Environment Components 1.3.2 Physical Boundaries The TOE itself does not have physical boundaries; however, the TOE was evaluated on a Dell Inc. PowerEdge R630 with an Intel(R) Xeon(R) E5-2620v4. 1.3.3 Security Functions provided by the TOE The TOE provides the security functionality required by [GPOSPP] and [SSHEP]. 1.3.3.1 Security Audit The TOE generates and stores audit events using the Lightweight Audit Framework (LAF). The LAF is designed to be an audit system making Linux compliant with the requirements from Common Criteria by 6 intercepting all system calls and receiving audit events from privileged user space applications. The framework allows configuring the events to be recorded from the set of all events that are possible to be audited. Each audit record contains the date and time of event, type of event, subject identity, user identity and results (success/fail) of the action if applicable. 1.3.3.2 Cryptographic Support The TOE provides a broad range of cryptographic support; providing SSHv2 and TLSv1.2 protocol implementations in addition to individual cryptographic algorithms. The cryptographic services provided by the TOE are described below. Cryptographic Protocol Use within the TOE SSH Client The TOE allows administrators and users to connect to remote SSH servers. SSH Server The TOE allows remote administrators to connect using SSH. TLS Client The TOE connects to remote trusted IT entities using TLS. Table 3 TOE Cryptographic Protocols The TOE includes two cryptographic libraries/implementations. Each of these cryptographic algorithms have been validated for conformance to the requirements specified in their respective standards, as identified below. Algorithm Related SFRs TOE Use CAVP Certificate # OpenSSL Version 7.0 AES FCS_COP.1(1) FCS_COP.1(1)/SSH FCS_SSHC_EXT.1 FCS_SSHS_EXT.1 FCS_TLSC_EXT.1 FCS_STO_EXT.1 SSH AES CBC and CTR modes with 128 and 256-bit keys TLS AES CBC and GCM modes with 128 and 256-bit keys File Encryption using AES CBC with 128 and 256-bit keys C1443 Diffie- Hellman FCS_CKM.2 FCS_SSHC_EXT.1 FCS_SSHS_EXT.1 FCS_TLSC_EXT.1 SSH Diffie-Hellman Group 14 Key Establishment TLS Diffie-Hellman Group 14 Key Establishment N/A DRBG FCS_DRBG_EXT.1 CTR_DRBG (AES-256) C1443 ECDSA FCS_CKM.1 FCS_COP.1(3) FCS_SSHC_EXT.1 FCS_SSHS_EXT.1 FCS_TLSC_EXT.1 FCS_TLSC_EXT.2 FCS_TLSC_EXT.4 SSH ECDSA P-256 and P-384 Host Key and User Key Generation SSH EC Diffie-Hellman P-256, P-384, and P-521 Key Generation SSH ECDSA P-256 and P-384 Host and User Signature Generation and Verification TLS ECDSA P-256, P-384, and P-521 Client Key Generation TLS EC Diffie-Hellman P-256, P-384, and P-521 Key Generation TLS ECDSA P-256, P-384, and P-521 Signature Generation and Verification C1443 HMAC FCS_COP.1(4) FCS_SSHC_EXT.1 FCS_SSHS_EXT.1 FCS_TLSC_EXT.1 SSH HMAC-SHA-256 and HMAC-SHA-512 TLS HMAC-SHA-1, HMAC-SHA-256, and HMAC-SHA-384 TLS HMAC-SHA-256 and HMAC-SHA-384 Key Derivation C1443 7 Algorithm Related SFRs TOE Use CAVP Certificate # KAS FCS_CKM.2 FCS_SSHC_EXT.1 FCS_SSHS_EXT.1 FCS_TLSC_EXT.2 SSH EC Diffie-Hellman P-256, P-384, and P-521 Key Establishment TLS EC Diffie-Hellman P-256, P-384, and P-521 Key Establishment C1443 RSA FCS_CKM.1 FCS_CKM.2 FCS_COP.1(3) FCS_SSHC_EXT.1 FCS_SSHS_EXT.1 FCS_TLSC_EXT.1 FPT_TST_EXT.1 SSH RSA 2048-bit and 3072-bit Host Key and User Key Generation SSH RSA 2048-bit and 3072-bit Host and User Signature Generation and Verification TLS RSA 2048-bit and 3072-bit Key Establishment TLS RSA 2048-bit and 3072-bit Signature Verification Self-Test RSA 2048 Signature Verification C1443 Vendor Affirmed for Key Establishment uses SHS FCS_COP.1(2) FCS_SSHC_EXT.1 FCS_SSHS_EXT.1 SSH SHA-1, SHA-256, SHA-384, and SHA-512 Key Derivation SHA-1, SHA-256, SHA-384, and SHA-512 for Digital Signatures and HMACs C1443 NSS v6.0 RSA FCS_COP.1(3) FPT_TUD_EXT.1 FPT_TUD_EXT.2 Trusted Update RSA 4096 Signature Verification C1624 SHS FCS_COP.1(2) SHA-256 for Digital Signatures C1624 Table 4 CAVP Algorithm Testing References The OpenSSL library provides TLS Client functions that may be used by applications. The OpenSSL library also provides the cryptographic algorithms for the SSH Client, SSH Server, and Secure Boot functionality. The NSS library provides the cryptographic algorithms for Trusted Update functionality. 1.3.3.3 User Data Protection Discretionary Access Control (DAC) allows the TOE to assign owners to file system objects and Inter- Process Communication (IPC) objects. The owners are allowed to modify Unix-type permission bits for these objects to permit or deny access for other users or groups. The DAC mechanism also ensures that untrusted users cannot tamper with the TOE mechanisms. The TOE also implements POSIX Access Control Lists (ACLs) that allow the specification of the access to individual file system objects down to the granularity of a single user. 1.3.3.4 Identification and Authentication User identification and authentication in the TOE includes all forms of interactive login (e.g. using the SSH protocol or log in at the local console) as well as identity changes through the su or sudo command. These all rely on explicit authentication information provided interactively by a user. The authentication security function allows password-based authentication. For SSH access, public-key- based authentication is also supported. Password quality enforcement mechanisms are offered by the TOE which are enforced at the time when the password is changed. 1.3.3.5 Security Management The security management facilities provided by the TOE are usable by authorized users and/or authorized administrators to modify the configuration of TSF. 8 1.3.3.6 Protection of the TSF The TOE implements self-protection mechanisms that protect the security mechanisms of the TOE as well as software executed by the TOE. The following self-protection mechanisms are implemented and enforced: • Address Space Layout Randomization for user space code. • Stack buffer overflow protection using stack canaries. • Secure Boot ensuring that the boot chain up to and including the kernel together with the boot image (initramfs) is not tampered with. • Updates to the operating system are only installed after their signatures have been successfully validated. 1.3.3.7 TOE Access The TOE displays informative banners before users are allowed to establish a session. 1.3.3.8 Trusted Path/Channels The TOE supports TLSv1.2 and SSHv2 to secure remote communications. Both protocols may be used for communications with remote IT entities. Remote administration is only supported using SSHv2. 1.3.4 TOE Documentation • [ST] Red Hat Enterprise Linux 7.6 Security Target, Version 1.1 • [AGD] Guide to the Secure Configuration of Red Hat Enterprise Linux 7, Version 1.4 1.3.5 Other References • Protection Profile for General Purpose Operating Systems, Version 4.2.1 [GPOSPP] • Extended Package for Secure Shell (SSH), Version 1.0 [SSHEP] 9 2 Conformance Claims 2.1 CC Conformance This TOE is conformant to: • Common Criteria for Information Technology Security Evaluations Part 1, Version 3.1, Revision 5, April 2017 • Common Criteria for Information Technology Security Evaluations Part 2, Version 3.1, Revision 5, April 2017: Part 2 extended • Common Criteria for Information Technology Security Evaluations Part 2, Version 3.1, Revision 5, April 2017: Part 3 extended 2.2 Protection Profile Conformance This TOE is conformant to: • Protection Profile for General Purpose Operating Systems, Version 4.2.1 [GPOSPP] • Extended Package for Secure Shell (SSH), Version 1.0 [SSHEP] 2.3 Conformance Rationale This Security Target provides exact conformance to the [GPOSPP] and [SSHEP]. The security problem definition, security objectives and security requirements in this Security Target are all taken from the Protection Profile performing only operations defined there. 2.3.1 Technical Decisions All NIAP Technical Decisions (TDs) issued to date that are applicable to the [GPOSPP] and [SSHEP] have been addressed. The following table identifies all applicable TD: Identifier Applicable Exclusion Rationale (if applicable) TD0496 – GPOS PP adds allow-with statement for VPN Client V2.1 Yes TD0493 – X.509v3 certificates when using digital signatures for Boot Integrity Yes TD0463 – Clarification for FPT_TUD_EXT Yes TD0441 – Updated TLS Ciphersuites of OS PP Yes TD0386 – Platform-Provided Verification of Update Yes TD0365 – FCS_CKM_EXT.4 selections Yes Table 5 GPOS Technical Decisions Identifier Applicable Exclusion Rationale (if applicable) TD0446 – Missing selections for SSH Yes TD0420 – Conflict in FCS_SSHC_EXT.1.1 and FCS_SSHS_EXT.1.1 Yes TD0332 – Support for RSA SHA2 host keys Yes TD0331 – SSH Rekey Testing Yes TD0240 – FCS_COP.1.1(1) Platform provided crypto for encryption/decryption Yes Table 6 SSH EP Technical Decisions 10 3 Security Problem Definition The security problem definition has been taken from the [GPOSPP]. It is reproduced here for the convenience of the reader. The security problem is described in terms of the threats that the TOE is expected to address, assumptions about the operational environment, and any organizational security policies that the TOE is expected to enforce. 3.1 Threats The following threats are drawn directly from the [GPOSPP]. ID Threat T.NETWORK_ATTACK An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may engage in communications with applications and services running on or part of the OS with the intent of compromise. Engagement may consist of altering existing legitimate communications. T.NETWORK_EAVESDROP An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may monitor and gain access to data exchanged between applications and services that are running on or part of the OS. T.LOCAL_ATTACK An attacker may compromise applications running on the OS. The compromised application may provide maliciously formatted input to the OS through a variety of channels including unprivileged system calls and messaging via the file system. T.LIMITED_PHYSICAL_ACCESS An attacker may attempt to access data on the OS while having a limited amount of time with the physical device. Table 7 Threats 3.2 Assumptions The following assumptions are drawn directly from the [GPOSPP]. ID Assumption A.PLATFORM The OS relies upon a trustworthy computing platform for its execution. This underlying platform is out of scope of this PP. A.PROPER_USER The user of the OS is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy. At the same time, malicious software could act as the user, so requirements which confine malicious subjects are still in scope. A.PROPER_ADMIN The administrator of the OS is not careless, willfully negligent or hostile, and administers the OS within compliance of the applied enterprise security policy. Table 8 Assumptions 3.3 Organizational Security Policies The [GPOSPP] and [SSHEP] do not define any OSPs. 11 4 Security Objectives 4.1 Security Objectives for the Operational Environment The following security objectives for the operational environment assist the TOE in correctly providing its security functionality. These track with the assumptions about the environment. The security objectives have been taken from the [GPOSPP]. They are reproduced here for the convenience of the reader. ID Objective for the Operation Environment OE.PLATFORM The OS relies on being installed on trusted hardware. OE.PROPER_USER The user of the OS is not willfully negligent or hostile, and uses the software within compliance of the applied enterprise security policy. Standard user accounts are provisioned in accordance with the least privilege model. Users requiring higher levels of access should have a separate account dedicated for that use. OE.PROPER_ADMIN The administrator of the OS is not careless, willfully negligent or hostile, and administers the OS within compliance of the applied enterprise security policy. Table 9 Objectives for the Operational Environment 12 5 Security Requirements This section identifies the Security Functional Requirements for the TOE. The Security Functional Requirements included in this section are derived from Part 2 of the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, dated: April 2017 and all international interpretations. Requirement Description FAU_GEN.1 Audit Data Generation (Refined) FCS_CKM.1 Cryptographic Key Generation (Refined) FCS_CKM.2 Cryptographic Key Establishment (Refined) FCS_CKM_EXT.4 Cryptographic Key Destruction FCS_COP.1(1) Cryptographic Operation - Encryption/Decryption (Refined) FCS_COP.1(1)/SSH Cryptographic Operation - Encryption/Decryption (Refined) FCS_COP.1(2) Cryptographic Operation - Hashing (Refined) FCS_COP.1(3) Cryptographic Operation - Signing (Refined) FCS_COP.1(4) Cryptographic Operation - Keyed-Hash Message Authentication (Refined) FCS_RBG_EXT.1 Random Bit Generation FCS_STO_EXT.1 Storage of Sensitive Data FCS_SSH_EXT.1 SSH Protocol FCS_SSHC_EXT.1 SSH Protocol - Client FCS_SSHS_EXT.1 SSH Protocol - Server FCS_TLSC_EXT.1 TLS Client Protocol FCS_TLSC_EXT.2 TLS Client Protocol FDP_ACF_EXT.1 Access Controls for Protecting User Data FIA_AFL.1 Authentication Failure Management (Refined) FIA_UAU.5 Multiple Authentication Mechanisms (Refined) FIA_X509_EXT.1 X.509 Certificate Validation FIA_X509_EXT.2 X.509 Certificate Authentication FMT_MOF_EXT.1 Management of security functions behavior FMT_SMF_EXT.1 Specification of Management Functions FPT_ACF_EXT.1 Access controls FPT_ASLR_EXT.1 Address Space Layout Randomization FPT_SBOP_EXT.1 Stack Buffer Overflow Protection FPT_TST_EXT.1 Boot Integrity FPT_TUD_EXT.1 Trusted Update FPT_TUD_EXT.2 Trusted Update for Application Software FTA_TAB.1 Default TOE access banners FTP_ITC_EXT.1 Trusted channel communication FTP_TRP.1 Trusted Path Table 10 SFRs 5.1 Conventions The CC defines operations on Security Functional Requirements: assignments, selections, assignments within selections and refinements. This document uses the following font conventions to identify the operations defined by the CC: 13 • Assignment: Indicated with italicized text; • Refinement: Indicated with bold text; • Selection: Indicated with underlined text; • Iteration: Indicated by appending the SFR name with a slash and unique identifier suggesting the purpose of the iteration, e.g. ‘/SSH for an SFR relating to SSH functionality and/or a sequential number in parentheses, e.g. (1). • Where operations were completed in the PP, EP, or Module itself; the formatting used in the PP, EP, or Module has been retained. Extended SFRs are identified by having a label ‘EXT’ after the requirement name. Formatting conventions outside of operations matches the formatting specified within the PP, EP, or Module. 5.2 Security Functional requirements 5.2.1 Security Audit (FAU) 5.2.1.1 FAU_GEN.1 Audit Data Generation (Refined) FAU_GEN.1.1 The OS shall be able to generate an audit record of the following auditable events: a. Start-up and shut-down of the audit functions; b. All auditable events for the [not specified] level of audit; and [ c. ● Authentication events (Success/Failure); • Use of privileged/special rights events (Successful and unsuccessful security, audit, and configuration changes); • Privilege or role escalation events (Success/Failure); • [ ▪ File and object events (Successful and unsuccessful attempts to create, access, delete, modify, modify permissions), ▪ User and Group management events (Successful and unsuccessful add, delete, modify, disable, enable, and credential change), ▪ Audit and log data access events (Success/Failure), ▪ Cryptographic verification of software (Success/Failure), ▪ System reboot, restart, and shutdown events (Success/Failure), ▪ Kernel module loading and unloading events (Success/Failure), ▪ Administrator or root-level access events (Success/Failure). ] ]. FAU_GEN.1.2 The OS shall record within each audit record at least the following information: a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [no other information] 14 5.2.2 Cryptographic Support (FCS) 5.2.2.1 FCS_CKM.1 Cryptographic Key Generation (Refined) FCS_CKM.1.1 The OS shall generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [ • RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, "Digital Signature Standard (DSS)", Appendix B.3 , • ECC schemes using "NIST curves" P-256, P-384 and [P-521] that meet the following: FIPS PUB 186-4, "Digital Signature Standard (DSS)", Appendix B.4 , ] and specified cryptographic key sizes [assignment: cryptographic key sizes] that meet the following: [assignment: list of standards] . 5.2.2.2 FCS_CKM.2 Cryptographic Key Establishment (Refined) FCS_CKM.2.1 The OS shall implement functionality to perform cryptographic key establishment in accordance with a specified cryptographic key establishment method: [RSA-based key establishment schemes] that meets the following: [NIST Special Publication 800-56B, “Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography”] and [ • Elliptic curve-based key establishment schemes that meets the following: NIST Special Publication 800-56A, "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography", • Finite field-based key establishment schemes that meets the following: NIST Special Publication 800-56A, "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography", ] that meets the following: [assignment: list of standards] . 5.2.2.3 FCS_CKM_EXT.4 Cryptographic Key Destruction FCS_CKM_EXT.4.1 The OS shall destroy cryptographic keys and key material in accordance with a specified cryptographic key destruction method [ • For volatile memory, the destruction shall be executed by a [ o single overwrite consisting of [zeroes], ], • For non-volatile memory that consists of [ o the invocation of an interface provided by the underlying platform that [ o instructs the underlying platform to destroy the abstraction that represents the key], ] ]. 15 FCS_CKM_EXT.4.2 The OS shall destroy all keys and key material when no longer needed. 5.2.2.4 FCS_COP.1(1) Cryptographic Operation - Encryption/Decryption (Refined) FCS_COP.1.1(1) The OS shall perform [encryption/decryption services for data] in accordance with a specified cryptographic algorithm [ • AES-CBC (as defined in NIST SP 800-38A) ] and [ • AES-GCM (as defined in NIST SP 800-38D), ] and cryptographic key sizes [128-bit, 256-bit] that meet the following: [assignment: list of standards]. 5.2.2.5 FCS_COP.1(1)/SSH Cryptographic Operation - Encryption/Decryption (Refined) FCS_COP.1.1(1)/SSH The SSH software shall [invoke platform-provided] encryption/decryption services for data in accordance with a specified cryptographic algorithm AES-CTR (as defined in NIST SP 800-38A) mode and cryptographic key sizes [128-bit, 256-bit]. 5.2.2.6 FCS_COP.1(2) Cryptographic Operation - Hashing (Refined) FCS_COP.1.1(2) The OS shall perform [cryptographic hashing services] in accordance with a specified cryptographic algorithm [SHA-1 and [ • SHA-256, • SHA-384, • SHA-512 ]] and message digest sizes 160 bits and [ • 256 bits, • 384 bits, • 512 bits, ] that meet the following: [FIPS Pub 180-4]. 5.2.2.7 FCS_COP.1(3) Cryptographic Operation - Signing (Refined) FCS_COP.1.1(3) The OS shall perform [cryptographic signature services (generation and verification)] in accordance with a specified cryptographic algorithm [ • RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, "Digital Signature Standard (DSS)", Section 4, • ECDSA schemes using "NIST curves" P-256, P-384 and [P-521] that meet the following: FIPS PUB 186-4, "Digital Signature Standard (DSS)", Section 5 16 ] and cryptographic key sizes [assignment: cryptographic algorithm] that meet the following: [assignment: list of standards]. 5.2.2.8 FCS_COP.1(4) Cryptographic Operation - Keyed-Hash Message Authentication (Refined) FCS_COP.1.1(4) The OS shall perform [keyed-hash message authentication services] in accordance with a specified cryptographic algorithm [SHA-1, SHA-256, SHA-384, SHA-512] with key sizes [160 bits, 256 bits, 384 bits, 512 bits] and message digest sizes [160 bits, 256 bits, 384 bits, 512 bits] that meet the following: [FIPS Pub 198-1 The Keyed-Hash Message Authentication Code and FIPS Pub 180-4 Secure Hash Standard]. 5.2.2.9 FCS_RBG_EXT.1 Random Bit Generation FCS_RBG_EXT.1.1 The OS shall perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using [ • CTR_DRBG (AES) ] . FCS_RBG_EXT.1.2 The deterministic RBG used by the OS shall be seeded by an entropy source that accumulates entropy from a [ • platform-based noise source ] with a minimum of [ • 256 bits ] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate. 5.2.2.10 FCS_STO_EXT.1 Storage of Sensitive Data FCS_STO_EXT.1.1 The OS shall implement functionality to encrypt sensitive data stored in non-volatile storage and provide interfaces to applications to invoke this functionality. 5.2.2.11 FCS_SSH_EXT.1 SSH Protocol FCS_SSH_EXT.1.1 The SSH software shall implement the SSH protocol that complies with RFCs 4251, 4252, 4253, 4254 and [5656, 6668] as a [client, server] 5.2.2.12 FCS_SSHC_EXT.1 SSH Protocol - Client FCS_SSHC_EXT.1.1 The SSH client shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public key-based, and [password-based]. 17 FCS_SSHC_EXT.1.2 The SSH client shall ensure that, as described in RFC 4253, packets greater than [262,144] bytes in an SSH transport connection are dropped. FCS_SSHC_EXT.1.3 The SSH software shall ensure that the SSH transport implementation uses the following encryption algorithms and rejects all other encryption algorithms: aes128-ctr, aes256-ctr, [aes128-cbc, aes256-cbc]. FCS_SSHC_EXT.1.4 The SSH client shall ensure that the SSH transport implementation uses [rsa-sha2-512, ecdsa-sha2- nistp256] and [ecdsa-sha2-nistp384] as its public key algorithm(s) and rejects all other public key algorithms. FCS_SSHC_EXT.1.5 The SSH client shall ensure that the SSH transport implementation uses [hmac-sha2-256, hmac-sha2- 512] and [no other MAC algorithms] as its data integrity MAC algorithm(s) and rejects all other MAC algorithm(s). FCS_SSHC_EXT.1.6 The SSH client shall ensure that [diffie-hellman-group14-sha1, ecdh-sha2-nistp256] and [ecdh-sha2- nistp384, ecdh-sha2-nistp521] are the only allowed key exchange methods used for the SSH protocol. FCS_SSHC_EXT.1.7 The SSH server shall ensure that the SSH connection be rekeyed after [no more than 1 Gigabyte of data has been transmitted, no more than 1 hour] using that key. FCS_SSHC_EXT.1.8 The SSH client shall ensure that the SSH client authenticates the identity of the SSH server using a local database associating each host name with its corresponding public key or [no other methods] as described in RFC 4251 section 4.1. 5.2.2.13 FCS_SSHS_EXT.1 SSH Protocol - Server FCS_SSHS_EXT.1.1 The SSH server shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public key-based, and [password-based]. FCS_SSHS_EXT.1.2 The SSH server shall ensure that, as described in RFC 4253, packets greater than [262,144] bytes in an SSH transport connection are dropped. FCS_SSHS_EXT.1.3 The SSH server shall ensure that the SSH transport implementation uses the following encryption algorithms and rejects all other encryption algorithms: aes128-ctr, aes256-ctr, [aes128-cbc, aes256-cbc]. FCS_SSHS_EXT.1.4 18 The SSH server shall ensure that the SSH transport implementation uses [ssh-rsa, rsa-sha2-256, rsa- sha2-512, ecdsa-sha2-nistp256] and [ecdsa-sha2-nistp384] as its public key algorithm(s) and rejects all other public key algorithms. FCS_SSHS_EXT.1.5 The SSH server shall ensure that the SSH transport implementation uses [hmac-sha2-256, hmac-sha2- 512] and [no other MAC algorithms] as its MAC algorithm(s) and rejects all other MAC algorithm(s). FCS_SSHS_EXT.1.6 The SSH server shall ensure that [diffie-hellman-group14-sha1, ecdh-sha2-nistp256] and [ecdh-sha2- nistp384, ecdh-sha2-nistp521] are the only allowed key exchange methods used for the SSH protocol. FCS_SSHS_EXT.1.7 The SSH server shall ensure that the SSH connection be rekeyed after [no more than 1 Gigabyte of data has been transmitted, no more than 1 hour] using that key. 5.2.2.14 FCS_TLSC_EXT.1 TLS Client Protocol FCS_TLSC_EXT.1.1 The OS shall implement TLS 1.2 (RFC 5246) supporting the following cipher suites: [ • TLS_RSA_WITH_AES_128_CBC_SHA as defined in RFC 5246, • TLS_RSA_WITH_AES_256_CBC_SHA as defined in RFC 5246, • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246, • TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246, • TLS_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5288, • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288, • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246, • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246, • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5288, • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288, • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289, • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289, • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289, • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289 ]. FCS_TLSC_EXT.1.2 The TSF shall verify that the presented identifier matches the reference identifier per RFC 6125. FCS_TLSC_EXT.1.3 The TSF shall only establish a trusted channel if the peer certificate is valid. 19 5.2.2.15 FCS_TLSC_EXT.2 TLS Client Protocol FCS_TLSC_EXT.2.1 The OS shall present the Supported Groups Extension in the Client Hello with the following groups: [secp256r1, secp384r1, secp521r1]. 5.2.3 User Data Protection (FDP) 5.2.3.1 FDP_ACF_EXT.1 Access Controls for Protecting User Data FDP_ACF_EXT.1.1 The OS shall implement access controls which can prohibit unprivileged users from accessing files and directories owned by other users. 5.2.4 Identification and Authentication (FIA) 5.2.4.1 FIA_AFL.1 Authentication Failure Management (Refined) FIA_AFL.1.1 The OS shall detect when [ • an Administrator configurable positive integer within [0 (disabled) – 65,535] ] unsuccessful authentication attempts occur related to events with [ • authentication based on user name and password, ] . FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts for an account has been met, the OS shall: [Account Lockout]. 5.2.4.2 FIA_UAU.5 Multiple Authentication Mechanisms (Refined) FIA_UAU.5.1 The OS shall provide the following authentication mechanisms [ • authentication based on user name and password, • for use in SSH only, SSH public key-based authentication as specified by the EP for Secure Shell ] to support user authentication. FIA_UAU.5.2 The OS shall authenticate any user's claimed identity according to the [ • username and password: used at the local console and over SSH: the TOE locally verifies the password hash matches the stored password hash associated with the provided username; • SSH public key: used over SSH: the TOE verifies the signature can be verified using a public key in the authorized_keys file associated with the provided username ]. 5.2.4.3 FIA_X509_EXT.1 X.509 Certificate Validation FIA_X509_EXT.1.1 20 The OS shall implement functionality to validate certificates in accordance with the following rules: • RFC 5280 certificate validation and certificate path validation. • The certificate path must terminate with a trusted CA certificate. • The OS shall validate a certificate path by ensuring the presence of the basicConstraints extension and that the CA flag is set to TRUE for all CA certificates. • The OS shall validate the revocation status of the certificate using [a Certificate Revocation List (CRL) as specified in RFC 5759] • The OS shall validate the extendedKeyUsage field according to the following rules: o Certificates used for trusted updates and executable code integrity verification shall have the Code Signing purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field. o Server certificates presented for TLS shall have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field. o Client certificates presented for TLS shall have the Client Authentication purpose (id-kp 2 with OID 1.3.6.1.5.5.7.3.2) in the extendedKeyUsage field. o S/MIME certificates presented for email encryption and signature shall have the Email Protection purpose (id-kp 4 with OID 1.3.6.1.5.5.7.3.4) in the extendedKeyUsage field. o OCSP certificates presented for OCSP responses shall have the OCSP Signing purpose (id- kp 9 with OID 1.3.6.1.5.5.7.3.9) in the extendedKeyUsage field. o (Conditional) Server certificates presented for EST shall have the CMC Registration Authority (RA) purpose (id-kp-cmcRA with OID 1.3.6.1.5.5.7.3.28) in the extendedKeyUsage field. FIA_X509_EXT.1.2 The OS shall only treat a certificate as a CA certificate if the basicConstraints extension is present and the CA flag is set to TRUE. 5.2.4.4 FIA_X509_EXT.2 X.509 Certificate Authentication FIA_X509_EXT.2.1 The OS shall use X.509v3 certificates as defined by RFC 5280 to support authentication for TLS and [HTTPS] connections. 5.2.5 Security Management (FMT) 5.2.5.1 FMT_MOF_EXT.1 Management of security functions behavior FMT_MOF_EXT.1.1 The OS shall restrict the ability to perform the function indicated in the "Administrator" column in FMT_SMF_EXT.1.1 to the administrator. 5.2.5.2 FMT_SMF_EXT.1 Specification of Management Functions FMT_SMF_EXT.1.1 The OS shall be capable of performing the following management functions: Management Function Administrator User Enable/disable [screen lock] X - 21 Management Function Administrator User Configure [screen lock] inactivity timeout X - Configure local audit storage capacity X - Configure minimum password length X - Configure minimum number of special characters in password X - Configure minimum number of numeric characters in password X - Configure minimum number of uppercase characters in password X - Configure minimum number of lowercase characters in password X - Configure lockout policy for unsuccessful authentication attempts through [timeouts between attempts] X - Configure host-based firewall X - Configure name/address of directory server with which to bind - - Configure name/address of remote management server from which to receive management settings - - Configure name/address of audit/logging server to which to send audit/logging records X - Configure audit rules X - Configure name/address of network time server X - Enable/disable automatic software update X - Configure WiFi interface - - Enable/disable Bluetooth interface - - Enable/disable [no other external interfaces] - - [no other management functions] - - Table 11 Management Functions Application Note: “X” indicates the TOE implements the management function at the indicated privilege level. 5.2.6 Protection of the TSF (FPT) 5.2.6.1 FPT_ACF_EXT.1 Access controls FPT_ACF_EXT.1.1 The OS shall implement access controls which prohibit unprivileged users from modifying: • Kernel and its drivers/modules • Security audit logs • Shared libraries • System executables • System configuration files • [no other objects] FPT_ACF_EXT.1.2 The OS shall implement access controls which prohibit unprivileged users from reading: • Security audit logs 22 • System-wide credential repositories • [no other objects] 5.2.6.2 FPT_ASLR_EXT.1 Address Space Layout Randomization FPT_ASLR_EXT.1.1 The OS shall always randomize process address space memory locations with [[at least 29]] bits of entropy except for [executables not listed in Section 6.1]. 5.2.6.3 FPT_SBOP_EXT.1 Stack Buffer Overflow Protection FPT_SBOP_EXT.1.1 The OS shall [employ stack-based buffer overflow protections]. 5.2.6.4 FPT_TST_EXT.1 Boot Integrity FPT_TST_EXT.1.1 The OS shall verify the integrity of the bootchain up through the OS kernel and [ • no other executable code ] prior to its execution through the use of [ • a digital signature using a hardware-protected asymmetric key ] . 5.2.6.5 FPT_TUD_EXT.1 Trusted Update FPT_TUD_EXT.1.1 The OS shall provide the ability to check for updates to the OS software itself and shall use a digital signature scheme specified in FCS_COP.1(3) to validate the authenticity of the response. FPT_TUD_EXT.1.2 The OS shall [cryptographically verify] updates to itself using a digital signature prior to installation using schemes specified in FCS_COP.1(3). 5.2.6.6 FPT_TUD_EXT.2 Trusted Update for Application Software FPT_TUD_EXT.2.1 The OS shall provide the ability to check for updates to application software and shall use a digital signature scheme specified in FCS_COP.1(3) to validate the authenticity of the response. FPT_TUD_EXT.2.2 The OS shall cryptographically verify the integrity of updates to applications using a digital signature specified by FCS_COP.1(3) prior to installation. 5.2.7 TOE Access (FTA) 5.2.7.1 FTA_TAB.1 Default TOE access banners FTA_TAB.1.1 23 Before establishing a user session, the OS shall display an advisory warning message regarding unauthorized use of the OS. 5.2.8 Trusted path/channels (FTP) 5.2.8.1 FTP_ITC_EXT.1 Trusted channel communication FTP_ITC_EXT.1.1 The OS shall use [ • TLS as conforming to FCS_TLSC_EXT.1, • SSH as conforming to the EP for Secure Shell ] to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: [[application initiated TLS, remote administration via SSH, connections to remote SSH servers]] that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data. 5.2.8.2 FTP_TRP.1 Trusted Path FTP_TRP.1.1 The OS shall provide a communication path between itself and [remote, local] users that is logically distinct from other communication paths and provides assured identification of its endpoints and protection of the communicated data from [modification, disclosure]. FTP_TRP.1.2 The OS shall permit [local users, remote users] to initiate communication via the trusted path. FTP_TRP.1.3 The OS shall require use of the trusted path for [[all remote administrative actions]]. 5.3 TOE SFR Dependencies Rationale for SFRs [GPOSPP] and [SSHEP] contain all the requirements claimed in this Security Target. As such, the dependencies are not applicable since the PP, EP, and Module have been approved. 5.4 Security Assurance Requirements The TOE assurance requirements for this ST are taken directly from [GPOSPP] which are derived from Common Criteria Version 3.1, Revision 5. The assurance requirements are summarized in the table below. Assurance Class Components Components Description Development ADV_FSP.1 Basic Functional Specification Guidance Documents AGD_OPE.1 Operational User Guidance AGD_PRE.1 Preparative User Guidance Life Cycle Support ALC_CMC.1 Labeling of the TOE ALC_CMS.1 TOE CM Coverage ALC_TSU_EXT.1 Timely Security Updates Security Target evaluation ASE_CCL.1 Conformance claims ASE_ECD.1 Extended components definition ASE_INT.1 ST introduction 24 Assurance Class Components Components Description ASE_OBJ.1 Security objectives for the operational environment ASE_REQ.1 Stated security requirements ASE_TSS.1 TOE summary specification Tests ATE_IND.1 Independent Testing – Conformance Vulnerability Assessment AVA_VAN.1 Vulnerability Analysis Table 12 Security Assurance Requirements 5.5 Rationale for Security Assurance Requirements The functional specification describes the external interfaces of the TOE; such as the means for a user to invoke a service and the corresponding response of those services. The description includes the interface(s) that enforces a security functional requirement, the interface(s) that supports the enforcement of a security functional requirement, and the interface(s) that does not enforce any security functional requirements. The interfaces are described in terms of their purpose (general goal of the interface), method of use (how the interface is to be used), parameters (explicit inputs to and outputs from an interface that control the behavior of that interface), parameter descriptions (tells what the parameter is in some meaningful way), and error messages (identifies the condition that generated it, what the message is, and the meaning of any error codes). The development evidence also contains a tracing of the interfaces to the SFRs described in this ST. 5.6 Assurance Measures The TOE satisfies the identified assurance requirements. This section identifies the Assurance Measures applied by Red Hat to satisfy the assurance requirements. The table below lists the details. SAR Component How the SAR will be met ADV_FSP.1 The functional specification describes the external interfaces of the TOE; such as the means for a user to invoke a service and the corresponding response of those services. The description includes the interface(s) that enforces a security functional requirement, the interface(s) that supports the enforcement of a security functional requirement, and the interface(s) that does not enforce any security functional requirements. The interfaces are described in terms of their purpose (general goal of the interface), method of use (how the interface is to be used), parameters (explicit inputs to and outputs from an interface that control the behavior of that interface), parameter descriptions (tells what the parameter is in some meaningful way), and error messages (identifies the condition that generated it, what the message is, and the meaning of any error codes). AGD_OPE.1 The Administrative Guide provides the descriptions of the processes and procedures of how the administrative users of the TOE can securely administer the TOE using the interfaces that provide the features and functions detailed in the guidance. AGD_PRE.1 The Installation Guide describes the installation, generation, and startup procedures so that the users of the TOE can put the components of the TOE in the evaluated configuration. ALC_CMC.1 The Configuration Management (CM) documents describe how the consumer identifies the evaluated TOE. The CM documents identify the configuration items, how those configuration items are uniquely identified, and the adequacy of the procedures that are used to control and track changes that are made to the TOE. This includes details on what changes are tracked and how potential changes are incorporated. ALC_CMS.1 ALC_TSU_EXT.1 Red Hat accepts reports of security issues at the secalert@redhat.com email address. Red Hat provides a public GPG key, so the reporter can protect sensitive aspects of a report. Email sent to secalert@redhat.com is read and acknowledged with a non-automated response within three working days. For issues that are complicated and require significant attention, Red Hat will open an investigation and will provide reporters with a mechanism to check the status at any time. 25 SAR Component How the SAR will be met For security issues under embargo, Red Hat does not disclose, discuss, or confirm security issues until an investigation is conducted and the vulnerability is made public. Once an embargoed issue has been made public, Red Hat publishes documentation regarding the flaw including technical details on the issue, a Common Vulnerabilities and Exposures (CVE) identifier, a Common Vulnerabilities Security Score (CVSS), a Red Hat Severity Rating, and the Red Hat products impacted by the vulnerability. Red Hat distributes information about security issues in its products through the Red Hat CVE database and security advisories to active subscription holders. Advisories are provided through the rhsa-announce mailing list. ATE_IND.1 Red Hat will provide the TOE for testing. AVA_VAN.1 Red Hat will provide the TOE for testing. Table 13 TOE Security Assurance Measures 26 6 TOE Summary Specification This chapter identifies and describes how the Security Functional Requirements identified above are met by the TOE. TOE SFR Rationale FAU_GEN.1 The TOE generates and stores audit events using the Lightweight Audit Framework (LAF). The LAF is designed to be an audit system making the TOE compliant with the requirements from Common Criteria by intercepting all system calls and retrieving audit log entries from privileged user space applications. The framework allows configuring the events to be recorded from the set of all events that are possible to be audited and forwards the events matching the filters to the audit daemon. Each audit record contains the date and time of event, type of event, subject identity, and the user identity if applicable. Access to audit data by normal users is prohibited by the discretionary access control function of the TOE, which is used to restrict the access to the audit trail and audit configuration files to the system administrator only. An audit record consists of one or more lines of text containing fields in a “keyword=value” tagged format. The following information is contained in all audit record lines: • Type: indicates the source of the event, such as SYSCALL, PATH, USER_LOGIN, or LOGIN • Timestamp: Date and time (accurate to the millisecond) that the audit record was generated • serial number: unique numerical event identifier appended to the timestamp • Login ID (“auid”), the user ID of the user authenticated by the system (regardless if the user has changed his real and / or effective user ID afterwards) • Effective user and group ID: the effective user and group ID of the process at the time the audit event was generated • Success or failure (where appropriate) • Process ID of the subject that caused the event (PID) • Hostname or terminal the subject used for performing the operation • Information about the intended operation • The success or failure of the action This information is followed by event specific data. In some cases, such as SYSCALL event records involving file system objects, multiple text lines will be generated for a single event, these all have the same time stamp and serial number to permit easy correlation. The TOE is able to generate audit records for the following events: • Start-up and shut-down of the audit function • Authentication Events • Use of privileged/special rights events: o security, audit, and configuration changes o privilege or role escalation o Administrator or root-level access events o User and Group management • File and object events (create, access, delete, modify, modify permissions) • Audit and log data access events • Cryptographic verification of software • System reboot, restart, and shutdown 27 TOE SFR Rationale • Kernel module loading and unloading FCS_CKM.1 The TOE implements RSA and ECC key generation as specified in FIPS 186-4. The TOE implements FFC key generation as specified in FIPS 186-4 and RFC 3526. RSA key sizes of 2048 and 3072 are supported. ECC curves P-256, P-384, and P-521 are supported. The FFC key size of L=2048, N=2047 (Group 14) is supported. For more detail, please see Table 4. FCS_CKM.2 For RSA Key Establishment, the TOE implements sections 7.1 and 7.2.1 of SP 800-56B. The TOE is a TLS client (i.e. sender), so it does not perform RSA decryption. The TOE supports 2048 and, 3072-bit RSA keys. For Elliptic curve key establishment, the TOE implements section 6.1.2.2 of SP 800-56A Rev. 3. The TOE supports Elliptic curve key establishment using the P-256, P-384, and P- 521 curves. For Finite field key establishment, the TOE implements section 6.1.2.1 of SP 800-56A Rev. 3. The TOE supports finite field key establishment using group 14. FCS_CKM_EXT.4 For volatile memory, the TOE destroys keys and key material by performing a single overwrite consisting of zeroes. For non-volatile memory, the TOE instructs the underlying XFS filesystem to destroy the abstraction that represents the key. See Section 6.2 for additional details. FCS_COP.1(1) FCS_COP.1(1)/SSH The TOE implements AES as specified in FIPS 197 with 128-bit and 256-bit key sizes. The TOE implements the following modes: CTR, CBC, GCM. For more detail, please see Table 4. The CTR mode counter is a 128-bit value output from the SSH key exchange, so it is guaranteed to be unique. The counter is incremented by 1 for each block that is encrypted. SSH rekeys at least every 512 MB of data transmitted for each key, so only a maximum of 2^25 counter values could be used, ensuring the counter does not wrap. FCS_COP.1(2) The TOE implements SHA-1, SHA-256, SHA-384, and SHA-512 as specified in FIPS 180-4. For more detail, please see Table 4. FCS_COP.1(3) The TOE implements RSA and ECDSA signature generation and verification as specified in FIPS 186-4. RSA key sizes of 2048 and 3072 are supported with SHA-1, SHA-256, SHA-384, and SHA-512. RSA with a 4096-bit key and SHA-256 hash is supported for signature verification of updates. ECDSA curves P-256, P-384, and P-521 are supported with SHA- 256, SHA-384, and SHA-512. For more detail, please see Table 4. FCS_COP.1(4) The TOE implements HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 as specified in FIPS 198-1. For more detail, please see Table 4. FCS_RBG_EXT.1 The TOE generates random bits using a CTR_DRBG as specified in NIST SP 800-90A. For more detail, please see Table 4. FCS_STO_EXT.1 The TOE includes the OpenSSL library to securely store sensitive data. The TOE does not limit the data that can be protected and allows the administrator to encrypt any data using the OpenSSL API. OpenSSL provides file encryption services using AES-128 or AES- 256 in CBC mode. 28 TOE SFR Rationale FCS_SSH_EXT.1 FCS_SSHC_EXT.1 FCS_SSHS_EXT.1 The TOE utilizes OpenSSH for its SSHv2 Client and Server implementations. The TOE supports the same algorithms and properties for both implementations. • Authentication Methods: o Public Key o Password • Symmetric Algorithms: o aes128-ctr o aes256-ctr o aes128-cbc o aes256-cbc • Public Key Algorithms: o ssh-rsa (FCS_SSHS_EXT.1 only) o rsa-sha2-256 (FCS_SSHS_EXT.1 only) o rsa-sha2-512 o ecdsa-sha2-nistp256 o ecdsa-sha2-nistp384 • MACs: o hmac-sha2-256 o hmac-sha2-512 • Key Exchange Methods: o diffie-hellman-group14-sha1 o ecdh-sha2-nistp256 o ecdh-sha2-nistp384 o ecdh-sha2-nistp521 The TOE drops any SSH packet with a packet_length field greater than 262,144 bytes. The can TOE also rekey SSH connections before a key has been used for over an hour or used to protect more than 512 MB of data. OpenSSH utilizes algorithms provided by OpenSSL. FCS_TLSC_EXT.1 FCS_TLSC_EXT.2 The TOE provides three TLSv1.2 client implementations (OpenSSL and NSS). Each implementation supports the following ciphersuites: • TLS_RSA_WITH_AES_128_CBC_SHA as defined in RFC 5246, • TLS_RSA_WITH_AES_256_CBC_SHA as defined in RFC 5246, • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246, • TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246, • TLS_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5288, • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288, • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246, • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246, • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5288, • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288, • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289, • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289, • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289, • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289, 29 TOE SFR Rationale • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289 The TOE establishes the reference identifier by parsing the DNS Name or IP address for the configured SIP server. The reference identifier is matched against the SAN, if present. If the SAN is not present, the referenced identifier is matched against the CN. The TOE supports wildcards in the DNS name of the server certificate. The TOE does not support URI reference identifiers, SRV reference identifiers, or certificate pinning. The TOE presents the supported Groups Extension in the Client Hello message with the P- 256, P-384, and P-521 curves. These curves are presented without any configuration by the user. FDP_ACF_EXT.1 The TOE supports standard UNIX permission bits to provide one form of DAC. There are three sets of three bits that define access for three categories of users: the owning user, users in the owning group, and other users. The three bits in each set indicate the access permissions granted to each user category: one bit for read (r), one for write (w) and one for execute (x). Note that write access to file systems mounted as read only (e. g. CD- ROM) is always rejected (the exceptions are character and block device files which can still be written to as write operations do not modify the information on the storage media). The SAVETXT attribute is used for world-writable temp directories preventing the removal of files by users other than the owner. Each process has an inheritable “umask” attribute which is used to determine the default access permissions for new objects. It is a bit mask of the user/group/other read/write/execute bits and specifies the access bits to be removed from new objects. For example, setting the umask to “002” ensures that new objects will be writable by the owner and group, but not by others. The umask is defined by the administrator in the /etc/login.defs file or 022 by default if not specified. The TOE also provides support for POSIX type ACLs to define a fine-grained access control on per-file or per-directory basis. An ACL entry contains the following information: • A tag type that specifies the type of the ACL entry • A qualifier that specifies an instance of an ACL entry type • A permission set that specifies the discretionary access rights for processes identified by the tag type and qualifier An ACL contains exactly one entry of three different tag types (called the "required ACL entries” forming the "minimum ACL"). The standard UNIX file permission bits as described above are represented by the entries in the minimum ACL. A default ACL is an additional ACL which may be associated with a directory. This default ACL has no effect on the access to this directory. Instead the default ACL is used to initialize the ACL for any file that is created in this directory. If the new file created is a directory it inherits the default ACL from its parent directory. When an object is created within a directory and the ACL is not defined with the function creating the object, the new object inherits the default ACL of its parent directory as its initial ACL. In addition, the following additional access control bits are processed by the kernel: • SUID bit: When an executable marked with the SUID bit is executed, the effective UID of the process is changed to the UID of the owner of the file. The SUID bit for file system objects other than files is ignored. 30 TOE SFR Rationale • SGID bit: When an executable marked with the SGID bit is executed, the effective GID of the process is changed to the owning GID of the file. The SGID bit for file system objects other than files is ignored. • SAVETXT: When a directory is marked with the SAVETXT bit, only the owner of a file system object in that directory can remove it. This bit is commonly used for world-writable directories like /tmp. Only processes with the CAP_FOWNER capability are able to remove the file system object if their UID is different than the owning UID of the file system object. The TOE uses these permissions to protect the following from unauthorized modification: • Kernel, drivers, and kernel modules – files in: o /boot/ o /usr/lib/modules/ o /usr/lib/firmware/ • Security audit logs – files in: o /var/log/audit/ o /var/log/ • Shared libraries – files in: o /usr/lib64/ o /usr/lib/ • System executables – files in: o /usr/sbin/ o /usr/bin/ o /usr/libexec/ • System configuration files – files in: o /etc/ o /usr/lib/ Both shared libraries and configuration files are stored in /usr/lib/; however, all files in /usr/lib/ are protected from unauthorized modification, regardless of type. FIA_AFL.1 The TOE will detect when an administrator configurable integer within 1-65,535 unsuccessful authentication attempts for authentication based on username and password occur related to password-based authentication at the local console and over SSH. Once the specified number of unsuccessful authentication attempts for an account has been met, the TOE locks the account. FIA_UAU.5 The TOE supports authentication based on username and password at the local console and over SSH. SSH public key-based authentication is supported over SSH. The TOE performs username and password authentication using a local set of credentials. Local username/password credentials are stored in the /etc/passwd and /etc/shadow files. The /etc/passwd file contains usernames, associated IDs, an indicator whether the password of the user is valid, the principal group id of the user and other (not security relevant) information. The /etc/shadow file contains a hash of the user's password, the user ID, the time the password was last changed, the expiration time, and the validity period of the password. Users are also warned to change their passwords at login time if the password will expire soon and are prevented from logging in if the password has expired. The time of the last successful logins is recorded in the directory /var/log/faillock where one file per user is kept. Users can change their own password. Only administrators can 31 TOE SFR Rationale add or delete users or change their properties. OpenSSH server is able to perform a key-based authentication. When a user wants to log on, instead of providing a password, the user sends a signed SSH_MSG_USERAUTH_REQUEST message. If the OpenSSH server can verify the signature using a public key in the user’s authorized_keys file, the OpenSSH server considers the user authenticated. FIA_X509_EXT.1 FIA_X509_EXT.2 The TOE uses X.509v3 certificates as defined by RFC 5280 to support authentication for TLS and HTTPS connections. The X.509 certificates are validated using the certificate path validation algorithm defined in RFC 5280, which can be summarized as follows: • the public key algorithm and parameters are checked • the current date/time is checked against the validity period • revocation status is checked using CRL • issuer name of X matches the subject name of X+1 • extensions are processed When the certificate being validated is for a TLS server, the TOE ensures the Extended Key Usage extension contains the Server Authentication purpose. The TOE ensures all CA certs contain the basic constraints extension and that the CA=TRUE flag is set. The TOE certificate validation algorithm also ensures that the certificate path terminates in a trusted root CA (i.e. a CA certificate configured on the TOE as trusted). FMT_MOF_EXT.1 The TOE restricts all “Administrator” management activities listed in FMT_SMF_EXT.1 to users who are members of the “wheel” group. Members of this group are considered the administrators, because group membership allows users to elevate their privileges, allowing management of the TOE, using the sudo command. FMT_SMF_EXT.1 The TOE allows the administrators to perform the following management activities: • Enable/disable screen lock • Configure screen lock inactivity timeout • Configure local audit storage capacity • Configure minimum password length • Configure minimum number of special characters in password • Configure minimum number of numeric characters in password • Configure minimum number of uppercase characters in password • Configure minimum number of lowercase characters in password • Configure lockout policy for unsuccessful authentication attempts through timeouts between attempts • Configure host-based firewall • Configure name/address of directory server with which to bind • Configure name/address of audit/logging server to which to send audit/logging records • Configure audit rules • Configure name/address of network time server • Enable/disable automatic software update 32 TOE SFR Rationale Non-administrative users are not allowed to manage the TOE. FPT_ACF_EXT.1 The TOE uses the file/directory permissions described in FDP_ACF_EXT.1 to prevent unprivileged users from modifying: • Kernel and its drivers/modules • Security audit logs • Shared libraries • System executables • System configuration files FPT_ASLR_EXT.1 The TOE provides ASLR for Position Independent Executables (listed in Section 6.1) with the following amount of randomization: • exec 30 bits • heap 30 bits • so 29 bits • mmap 29 bits • stack 30 bits The TOE provides ASLR with the following amount of randomization for normal executables: • exec No randomization • heap 14 bits • so No randomization • mmap 29 bits • stack 30 bits FPT_SBOP_EXT.1 Most of the TOE binaries are compiled with the option “stack-protector-strong” to add a stack canary and associated verification code during the entry and exit of function frames to prevent stack-based buffer overflows. Please see 6.3 for a list of binaries that were not compiled with stack smashing protections enabled and rationale why protections are not needed. FPT_TST_EXT.1 The Unified Extensible Firmware Interface (UEFI) Secure Boot technology ensures that the system firmware checks whether the system boot loader is signed with a cryptographic key authorized by a database of public keys contained in the firmware. With signature verification in the next-stage boot loader and kernel, it is possible to prevent the execution of kernel space code which has not been signed by a trusted key. The signature on the first-stage boot loader (shim.efi) is verified to be signed by a certificate authority (CA) stored in the firmware database. shim.efi then uses an embedded RSA2048 public key to verify the signature on the RSA 2048 code signing public key. The code signing key is used to verify the signature of the second-stage boot loader, GRUB 2 (grubx64.efi). Finally, GRUB 2 uses the code signing key to verify the signature on the OS kernel before passing control to the kernel. The kernel has 2 more embedded keys that are used to authenticate drivers and kernel modules. FPT_TUD_EXT.1 FPT_TUD_EXT.2 The TOE has the ability to check for updates to itself and application software. Both types of updates are verified by RSA 4096 with SHA-256 prior to installation. FTA_TAB.1 The TOE can be configured to display an administrator configured advisory warning message prior to establishing a local or remote interactive user session. 33 TOE SFR Rationale FTP_ITC_EXT.1 The TOE provides a TLS Client protocol implementation which allows applications to protect communications with remote IT entities. The TOE uses the SSH server protocol to protect the communications with remote users. The TOE also allows users to securely connect to remote servers using SSH. FTP_TRP.1 The TOE provides a trusted path with local and remote users. The TOE uses the SSH Server protocol to protect the communications with remote users. Table 14 TOE Summary Specification SFR Description 6.1 Position Independent Executables The TOE includes the following executables that are compiled to be Position Independent Executables (PIE): • /usr/bin/teamnl • /usr/bin/last • /usr/bin/mesg • /usr/bin/wall • /usr/bin/chage • /usr/bin/passwd • /usr/bin/gpasswd • /usr/bin/lastlog • /usr/bin/write • /usr/bin/newgrp • /usr/bin/bootctl • /usr/bin/busctl • /usr/bin/coredumpctl • /usr/bin/hostnamectl • /usr/bin/journalctl • /usr/bin/loginctl • /usr/bin/localectl • /usr/bin/machinectl • /usr/bin/systemctl • /usr/bin/systemd-ask-password • /usr/bin/systemd-analyze • /usr/bin/systemd-cgtop • /usr/bin/systemd-cat • /usr/bin/systemd-cgls • /usr/bin/systemd-delta • /usr/bin/systemd-detect-virt • /usr/bin/systemd-escape • /usr/bin/systemd-firstboot • /usr/bin/systemd-hwdb • /usr/bin/systemd-inhibit • /usr/bin/systemd-notify • /usr/bin/systemd-nspawn • /usr/bin/systemd-path • /usr/bin/systemd-tmpfiles • /usr/bin/systemd-run • /usr/bin/systemd-stdio-bridge • /usr/bin/udevadm • /usr/bin/timedatectl • /usr/bin/dbus-run-session • /usr/bin/dbus-cleanup-sockets • /usr/bin/dbus-daemon • /usr/bin/dbus-monitor • /usr/bin/dbus-uuidgen • /usr/bin/dbus-send • /usr/bin/dbus-test-tool • /usr/bin/ping • /usr/bin/mount • /usr/bin/secon • /usr/bin/tracepath • /usr/bin/tracepath6 • /usr/bin/ipcalc • /usr/bin/usleep • /usr/bin/pkaction • /usr/bin/ssh-keygen • /usr/bin/pkcheck • /usr/bin/pkexec • /usr/bin/nm-online • /usr/bin/su • /usr/bin/pkttyagent • /usr/bin/nmcli • /usr/bin/crontab • /usr/bin/umount • /usr/bin/screen • /usr/bin/systemd-machine-id-setup • /usr/bin/systemd-tty-ask-password-agent • /usr/bin/dbus-update-activation- environment • /usr/bin/cvtsudoers • /usr/bin/nmtui • /usr/bin/pkla-admin-identities • /usr/bin/pkla-check-authorization • /usr/bin/scp • /usr/bin/sftp • /usr/bin/ssh • /usr/bin/consolehelper • /usr/bin/sss_ssh_authorizedkeys 34 • /usr/bin/sss_ssh_knownhostsproxy • /usr/bin/ssh-add • /usr/bin/ssh-keyscan • /usr/bin/semodule_package • /usr/bin/semodule_deps • /usr/bin/semodule_expand • /usr/bin/semodule_link • /usr/bin/semodule_unpackage • /usr/bin/quota • /usr/bin/sepolgen-ifgen-attr-helper • /usr/bin/newrole • /usr/bin/oscap • /usr/bin/teamd • /usr/bin/teamdctl • /usr/bin/rsync • /usr/bin/plymouth • /usr/bin/netstat • /usr/bin/quotasync • /usr/bin/qemu-ga • /usr/bin/chronyc • /usr/bin/rhsmcertd • /usr/bin/updatedb • /usr/bin/stunnel • /usr/sbin/pwck • /usr/sbin/vipw • /usr/sbin/killall5 • /usr/sbin/tcpdmatch • /usr/sbin/tcpd • /usr/sbin/biosdecode • /usr/sbin/try-from • /usr/sbin/dmidecode • /usr/sbin/sssd • /usr/sbin/quot • /usr/sbin/lvm • /usr/sbin/ownership • /usr/sbin/vpddecode • /usr/sbin/sasldblistusers2 • /usr/sbin/saslpasswd2 • /usr/sbin/faillock • /usr/sbin/pam_console_apply • /usr/sbin/mkhomedir_helper • /usr/sbin/pam_tally2 • /usr/sbin/pam_timestamp_check • /usr/sbin/unix_chkpwd • /usr/sbin/safe_finger • /usr/sbin/chpasswd • /usr/sbin/load_policy • /usr/sbin/semodule • /usr/sbin/sestatus • /usr/sbin/grpck • /usr/sbin/setfiles • /usr/sbin/grpconv • /usr/sbin/setsebool • /usr/sbin/grpunconv • /usr/sbin/arping • /usr/sbin/newusers • /usr/sbin/clockdiff • /usr/sbin/pwconv • /usr/sbin/pwunconv • /usr/sbin/rdisc • /usr/sbin/consoletype • /usr/sbin/kpartx • /usr/sbin/genhostid • /usr/sbin/dmfilemapd • /usr/sbin/dmsetup • /usr/sbin/netreport • /usr/sbin/ppp-watch • /usr/sbin/usernetctl • /usr/sbin/anacron • /usr/sbin/crond • /usr/sbin/dhclient • /usr/sbin/sss_cache • /usr/sbin/dmeventd • /usr/sbin/rpcbind • /usr/sbin/rpcinfo • /usr/sbin/eapol_test • /usr/sbin/wpa_cli • /usr/sbin/wpa_passphrase • /usr/sbin/wpa_supplicant • /usr/sbin/NetworkManager • /usr/sbin/audispd • /usr/sbin/auditctl • /usr/sbin/auditd • /usr/sbin/unbound-anchor • /usr/sbin/plymouthd • /usr/sbin/rhnsd • /usr/sbin/rsyslogd • /usr/sbin/convertquota • /usr/sbin/edquota • /usr/sbin/quotacheck • /usr/sbin/quotaon • /usr/sbin/quotastats • /usr/sbin/repquota • /usr/sbin/rpc.rquotad • /usr/sbin/setquota • /usr/sbin/xqmstats • /usr/sbin/lvmetad • /usr/sbin/lvmpolld • /usr/sbin/smartd • /usr/sbin/arp 35 • /usr/sbin/irqbalance • /usr/sbin/ether-wake • /usr/sbin/ifconfig • /usr/sbin/ipmaddr • /usr/sbin/iptunnel • /usr/sbin/mii-tool • /usr/sbin/nameif • /usr/sbin/plipconfig • /usr/sbin/route • /usr/sbin/slattach • /usr/sbin/chronyd • /usr/sbin/mcstransd • /usr/sbin/visudo • /usr/sbin/sshd • /usr/sbin/xinetd • /usr/sbin/postalias • /usr/sbin/postcat • /usr/sbin/postconf • /usr/sbin/postdrop • /usr/sbin/postfix • /usr/sbin/postkick • /usr/sbin/postlock • /usr/sbin/postlog • /usr/sbin/postmap • /usr/sbin/postmulti • /usr/sbin/postqueue • /usr/sbin/postsuper • /usr/sbin/sendmail.postfix • /usr/sbin/smtp-sink • /usr/sbin/smtp-source • /usr/sbin/smartctl • /usr/libexec/selinux/hll/pp • /usr/libexec/initscripts/brandbot • /usr/libexec/openssh/ctr-cavstest • /usr/libexec/openssh/ssh-pkcs11-helper • /usr/libexec/openssh/sftp-server • /usr/libexec/openssh/ssh-keycat • /usr/libexec/nm-dhcp-helper • /usr/libexec/nm-dispatcher • /usr/libexec/nm-iface-helper • /usr/libexec/openscap/probe_dnscache • /usr/libexec/openscap/probe_environment variable • /usr/libexec/openscap/probe_environment variable58 • /usr/libexec/openscap/probe_family • /usr/libexec/openscap/probe_file • /usr/libexec/openscap/probe_fileextended attribute • /usr/libexec/openscap/probe_filehash • /usr/libexec/openscap/probe_filehash58 • /usr/libexec/openscap/probe_iflisteners • /usr/libexec/openscap/probe_inetlistenings ervers • /usr/libexec/openscap/probe_interface • /usr/libexec/openscap/probe_partition • /usr/libexec/openscap/probe_password • /usr/libexec/openscap/probe_process • /usr/libexec/openscap/probe_process58 • /usr/libexec/openscap/probe_routingtable • /usr/libexec/openscap/probe_rpminfo • /usr/libexec/openscap/probe_rpmverify • /usr/libexec/openscap/probe_rpmverifyfile • /usr/libexec/openscap/probe_rpmverifypac kage • /usr/libexec/openscap/probe_runlevel • /usr/libexec/openscap/probe_selinuxboole an • /usr/libexec/openscap/probe_selinuxsecuri tycontext • /usr/libexec/openscap/probe_shadow • /usr/libexec/openscap/probe_symlink • /usr/libexec/openscap/probe_sysctl • /usr/libexec/openscap/probe_system_info • /usr/libexec/openscap/probe_systemdunitd ependency • /usr/libexec/openscap/probe_systemdunitp roperty • /usr/libexec/openscap/probe_textfileconte nt • /usr/libexec/openscap/probe_textfileconte nt54 • /usr/libexec/openscap/probe_uname • /usr/libexec/openscap/probe_variable • /usr/libexec/openscap/probe_xinetd • /usr/libexec/openscap/probe_xmlfileconte nt • /usr/libexec/ipsec/_import_crl • /usr/libexec/ipsec/addconn • /usr/libexec/ipsec/algparse • /usr/libexec/ipsec/cavp • /usr/libexec/ipsec/enumcheck • /usr/libexec/ipsec/eroute • /usr/libexec/ipsec/klipsdebug • /usr/libexec/ipsec/pf_key • /usr/libexec/ipsec/pluto • /usr/libexec/ipsec/readwriteconf • /usr/libexec/ipsec/rsasigkey • /usr/libexec/ipsec/showhostkey • /usr/libexec/ipsec/spi • /usr/libexec/ipsec/spigrp 36 • /usr/libexec/ipsec/tncfg • /usr/libexec/ipsec/whack • /usr/libexec/postfix/anvil • /usr/libexec/postfix/bounce • /usr/libexec/postfix/cleanup • /usr/libexec/postfix/discard • /usr/libexec/postfix/dnsblog • /usr/libexec/postfix/error • /usr/libexec/postfix/flush • /usr/libexec/postfix/local • /usr/libexec/postfix/master • /usr/libexec/postfix/oqmgr • /usr/libexec/postfix/pickup • /usr/libexec/postfix/pipe • /usr/libexec/postfix/postscreen • /usr/libexec/postfix/proxymap • /usr/libexec/postfix/qmqpd • /usr/libexec/postfix/scache • /usr/libexec/postfix/showq • /usr/libexec/postfix/smtpd • /usr/libexec/postfix/spawn • /usr/libexec/postfix/tlsmgr • /usr/libexec/postfix/tlsproxy • /usr/libexec/postfix/trivial-rewrite • /usr/libexec/postfix/verify • /usr/libexec/postfix/virtual • /usr/libexec/postfix/lmtp • /usr/libexec/postfix/smtp • /usr/libexec/postfix/nqmgr • /usr/libexec/postfix/qmgr • /usr/libexec/sudo/sesh 6.2 Cryptographic Keys Key Type Volatile Management Non-Volatile Storage TLS Diffie- Hellman Private Key FFC Group 14 Or ECC P-256, P-384, or P- 521 Generated by the DRBG as specified by FCS_CKM.1 and FCS_CKM.2 N/A TLS Pre- Master Secret Data used to derive keys Generated by the DRBG Or Established using Diffie-Hellman (FFC & ECC) N/A TLS Session Keys AES 128-bit or 256-bit And HMAC 160-bit, 256-bit, or 384-bit Derived from the TLS Pre-Master Secret N/A SSH Server Private Key RSA 2048 or 3072 Or ECDSA P-256 or P-384 Loaded from the filesystem Storage method: Filesystem API SSH User Private Key RSA 2048 or 3072 Or ECDSA P-256 or P-384 Loaded from the filesystem Storage method: Filesystem API SSH Diffie- Hellman Private Key FFC Group 14 Or ECC P-256, P-384, or P- 521 Generated by the DRBG as specified by FCS_CKM.1 and FCS_CKM.2 N/A SSH Shared Secret Data used to derive keys Established using Diffie-Hellman (FFC & ECC) N/A SSH Session Keys AES 128-bit or 256-bit And HMAC 256-bit or 512-bit Derived from the SSH Shared Secret N/A User Passwords ASCII text Entered by the user N/A – Salted and hashed passwords are stored in /etc/shadow 37 File Encryption Key AES 128-bit or 256-bit Loaded from the filesystem Or Entered by the user Or Derived from a password entered by the user N/A Table 15 Cryptographic Keys 6.3 Stack Smashing Protection The TOE includes a number of binaries that were not compiled with stack-smashing protections enabled for a number of reasons. The reasons are listed below, followed by a list of binaries to which that reason applies. The following are kernel modules that are hand-written assembler: • /usr/lib/modules/3.10.0-957.el7.x86_64/vdso/vdso.so • /usr/lib/modules/3.10.0-957.el7.x86_64/vdso/vdso32-int80.so • /usr/lib/modules/3.10.0-957.el7.x86_64/vdso/vdso32-syscall.so • /usr/lib/modules/3.10.0-957.el7.x86_64/vdso/vdso32-sysenter.so The following are from glibc which has special needs: • /usr/lib64/libutil-2.17.so • /usr/lib64/ld-2.17.so The following is from the gcc compiler which has special needs: • /usr/lib64/libgcc_s-4.8.5-20150702.so.1 the following are data tables for character set conversion in glibc: • /usr/lib64/gconv/GEORGIAN-PS.so • /usr/lib64/gconv/ANSI_X3.110.so • /usr/lib64/gconv/GOST_19768-74.so • /usr/lib64/gconv/ARMSCII-8.so • /usr/lib64/gconv/IBM1145.so • /usr/lib64/gconv/ASMO_449.so • /usr/lib64/gconv/IBM1146.so • /usr/lib64/gconv/BIG5.so • /usr/lib64/gconv/GREEK-CCITT.so • /usr/lib64/gconv/BIG5HKSCS.so • /usr/lib64/gconv/IBM1147.so • /usr/lib64/gconv/BRF.so • /usr/lib64/gconv/IBM1148.so • /usr/lib64/gconv/CP10007.so • /usr/lib64/gconv/IBM1149.so • /usr/lib64/gconv/CP1125.so • /usr/lib64/gconv/IBM1153.so • /usr/lib64/gconv/CP1250.so • /usr/lib64/gconv/IBM1154.so 38 • /usr/lib64/gconv/CP1251.so • /usr/lib64/gconv/IBM1155.so • /usr/lib64/gconv/CP1252.so • /usr/lib64/gconv/IBM1156.so • /usr/lib64/gconv/CP1253.so • /usr/lib64/gconv/IBM1157.so • /usr/lib64/gconv/CP1254.so • /usr/lib64/gconv/IBM1158.so • /usr/lib64/gconv/CP1255.so • /usr/lib64/gconv/IBM1160.so • /usr/lib64/gconv/CP1256.so • /usr/lib64/gconv/IBM1161.so • /usr/lib64/gconv/CP1257.so • /usr/lib64/gconv/IBM1162.so • /usr/lib64/gconv/CP1258.so • /usr/lib64/gconv/IBM1163.so • /usr/lib64/gconv/CP737.so • /usr/lib64/gconv/IBM1164.so • /usr/lib64/gconv/CP770.so • /usr/lib64/gconv/IBM1166.so • /usr/lib64/gconv/CP771.so • /usr/lib64/gconv/IBM1167.so • /usr/lib64/gconv/CP772.so • /usr/lib64/gconv/IBM12712.so • /usr/lib64/gconv/CP773.so • /usr/lib64/gconv/IBM1364.so • /usr/lib64/gconv/CP774.so • /usr/lib64/gconv/IBM1371.so • /usr/lib64/gconv/CP775.so • /usr/lib64/gconv/IBM1388.so • /usr/lib64/gconv/CP932.so • /usr/lib64/gconv/GREEK7-OLD.so • /usr/lib64/gconv/CSN_369103.so • /usr/lib64/gconv/IBM1390.so • /usr/lib64/gconv/CWI.so • /usr/lib64/gconv/IBM1399.so • /usr/lib64/gconv/DEC-MCS.so • /usr/lib64/gconv/HP-GREEK8.so • /usr/lib64/gconv/EBCDIC-AT-DE-A.so • /usr/lib64/gconv/GREEK7.so • /usr/lib64/gconv/EBCDIC-AT-DE.so • /usr/lib64/gconv/HP-ROMAN8.so • /usr/lib64/gconv/EBCDIC-CA-FR.so • /usr/lib64/gconv/HP-ROMAN9.so • /usr/lib64/gconv/EBCDIC-DK-NO-A.so • /usr/lib64/gconv/HP-THAI8.so 39 • /usr/lib64/gconv/EBCDIC-DK-NO.so • /usr/lib64/gconv/IBM1047.so • /usr/lib64/gconv/EBCDIC-ES-A.so • /usr/lib64/gconv/IBM1097.so • /usr/lib64/gconv/EBCDIC-ES-S.so • /usr/lib64/gconv/IBM1112.so • /usr/lib64/gconv/EBCDIC-ES.so • /usr/lib64/gconv/IBM1122.so • /usr/lib64/gconv/EBCDIC-FI-SE-A.so • /usr/lib64/gconv/IBM1123.so • /usr/lib64/gconv/EBCDIC-FI-SE.so • /usr/lib64/gconv/IBM1124.so • /usr/lib64/gconv/EBCDIC-FR.so • /usr/lib64/gconv/IBM1129.so • /usr/lib64/gconv/EBCDIC-IS-FRISS.so • /usr/lib64/gconv/IBM1130.so • /usr/lib64/gconv/EBCDIC-IT.so • /usr/lib64/gconv/IBM1132.so • /usr/lib64/gconv/EBCDIC-PT.so • /usr/lib64/gconv/IBM1133.so • /usr/lib64/gconv/EBCDIC-UK.so • /usr/lib64/gconv/IBM1137.so • /usr/lib64/gconv/EBCDIC-US.so • /usr/lib64/gconv/IBM1140.so • /usr/lib64/gconv/ECMA-CYRILLIC.so • /usr/lib64/gconv/IBM16804.so • /usr/lib64/gconv/EUC-CN.so • /usr/lib64/gconv/IBM1141.so • /usr/lib64/gconv/EUC-JISX0213.so • /usr/lib64/gconv/IBM1142.so • /usr/lib64/gconv/EUC-JP-MS.so • /usr/lib64/gconv/IBM256.so • /usr/lib64/gconv/EUC-JP.so • /usr/lib64/gconv/IBM273.so • /usr/lib64/gconv/EUC-KR.so • /usr/lib64/gconv/IBM274.so • /usr/lib64/gconv/EUC-TW.so • /usr/lib64/gconv/IBM275.so • /usr/lib64/gconv/GB18030.so • /usr/lib64/gconv/IBM277.so • /usr/lib64/gconv/GBBIG5.so • /usr/lib64/gconv/IBM278.so • /usr/lib64/gconv/GBGBK.so • /usr/lib64/gconv/IBM280.so • /usr/lib64/gconv/GBK.so • /usr/lib64/gconv/IBM1143.so 40 • /usr/lib64/gconv/GEORGIAN-ACADEMY.so • /usr/lib64/gconv/HP-TURKISH8.so • /usr/lib64/gconv/IBM281.so • /usr/lib64/gconv/IBM037.so • /usr/lib64/gconv/IBM284.so • /usr/lib64/gconv/IBM038.so • /usr/lib64/gconv/IBM285.so • /usr/lib64/gconv/IBM1004.so • /usr/lib64/gconv/IBM290.so • /usr/lib64/gconv/IBM1008.so • /usr/lib64/gconv/IBM1144.so • /usr/lib64/gconv/IBM1008_420.so • /usr/lib64/gconv/IBM297.so • /usr/lib64/gconv/IBM1025.so • /usr/lib64/gconv/IBM420.so • /usr/lib64/gconv/IBM1026.so • /usr/lib64/gconv/IBM423.so • /usr/lib64/gconv/IBM1046.so • /usr/lib64/gconv/IBM866NAV.so • /usr/lib64/gconv/IBM424.so • /usr/lib64/gconv/IBM437.so • /usr/lib64/gconv/IBM4517.so • /usr/lib64/gconv/IBM4899.so • /usr/lib64/gconv/IBM4909.so • /usr/lib64/gconv/IBM4971.so • /usr/lib64/gconv/IBM500.so • /usr/lib64/gconv/IBM5347.so • /usr/lib64/gconv/IBM803.so • /usr/lib64/gconv/IBM850.so • /usr/lib64/gconv/IBM851.so • /usr/lib64/gconv/IBM852.so • /usr/lib64/gconv/IBM855.so • /usr/lib64/gconv/IBM856.so • /usr/lib64/gconv/IBM857.so • /usr/lib64/gconv/IBM860.so • /usr/lib64/gconv/IBM861.so • /usr/lib64/gconv/IBM862.so • /usr/lib64/gconv/IBM863.so • /usr/lib64/gconv/IBM864.so • /usr/lib64/gconv/IBM865.so • /usr/lib64/gconv/IBM866.so • /usr/lib64/gconv/SJIS.so • /usr/lib64/gconv/IBM868.so • /usr/lib64/gconv/T.61.so • /usr/lib64/gconv/IBM869.so • /usr/lib64/gconv/TCVN5712-1.so 41 • /usr/lib64/gconv/IBM870.so • /usr/lib64/gconv/TIS-620.so • /usr/lib64/gconv/IBM871.so • /usr/lib64/gconv/TSCII.so • /usr/lib64/gconv/IBM874.so • /usr/lib64/gconv/UHC.so • /usr/lib64/gconv/IBM875.so • /usr/lib64/gconv/UNICODE.so • /usr/lib64/gconv/IBM880.so • /usr/lib64/gconv/UTF-16.so • /usr/lib64/gconv/IBM891.so • /usr/lib64/gconv/UTF-32.so • /usr/lib64/gconv/IBM901.so • /usr/lib64/gconv/UTF-7.so • /usr/lib64/gconv/IBM902.so • /usr/lib64/gconv/VISCII.so • /usr/lib64/gconv/IBM903.so • /usr/lib64/gconv/IBM9030.so • /usr/lib64/gconv/IBM904.so • /usr/lib64/gconv/libCNS.so • /usr/lib64/gconv/IBM905.so • /usr/lib64/gconv/libGB.so • /usr/lib64/gconv/IBM9066.so • /usr/lib64/gconv/libISOIR165.so • /usr/lib64/gconv/IBM918.so • /usr/lib64/gconv/libJIS.so • /usr/lib64/gconv/IBM921.so • /usr/lib64/gconv/libJISX0213.so • /usr/lib64/gconv/IBM922.so • /usr/lib64/gconv/libKSC.so • /usr/lib64/gconv/IBM930.so • /usr/lib64/gconv/IBM932.so • /usr/lib64/gconv/IBM933.so • /usr/lib64/gconv/IBM935.so • /usr/lib64/gconv/IBM937.so • /usr/lib64/gconv/IBM939.so • /usr/lib64/gconv/IBM943.so • /usr/lib64/gconv/IBM9448.so • /usr/lib64/gconv/ISO_2033.so • /usr/lib64/gconv/IEC_P27-1.so • /usr/lib64/gconv/INIS-8.so • /usr/lib64/gconv/ISO_11548-1.so • /usr/lib64/gconv/INIS-CYRILLIC.so • /usr/lib64/gconv/INIS.so • /usr/lib64/gconv/ISO_5427-EXT.so • /usr/lib64/gconv/ISIRI-3342.so 42 • /usr/lib64/gconv/ISO_5427.so • /usr/lib64/gconv/ISO-2022-CN-EXT.so • /usr/lib64/gconv/ISO_5428.so • /usr/lib64/gconv/ISO-2022-CN.so • /usr/lib64/gconv/ISO_6937-2.so • /usr/lib64/gconv/ISO-2022-JP-3.so • /usr/lib64/gconv/ISO_6937.so • /usr/lib64/gconv/ISO-2022-JP.so • /usr/lib64/gconv/JOHAB.so • /usr/lib64/gconv/ISO-2022-KR.so • /usr/lib64/gconv/KOI-8.so • /usr/lib64/gconv/ISO-IR-197.so • /usr/lib64/gconv/KOI8-R.so • /usr/lib64/gconv/ISO-IR-209.so • /usr/lib64/gconv/ISO646.so • /usr/lib64/gconv/KOI8-RU.so • /usr/lib64/gconv/ISO8859-1.so • /usr/lib64/gconv/KOI8-T.so • /usr/lib64/gconv/ISO8859-10.so • /usr/lib64/gconv/KOI8-U.so • /usr/lib64/gconv/ISO8859-11.so • /usr/lib64/gconv/LATIN-GREEK-1.so • /usr/lib64/gconv/ISO8859-13.so • /usr/lib64/gconv/LATIN-GREEK.so • /usr/lib64/gconv/ISO8859-14.so • /usr/lib64/gconv/MAC-SAMI.so • /usr/lib64/gconv/ISO8859-15.so • /usr/lib64/gconv/MAC-CENTRALEUROPE.so • /usr/lib64/gconv/ISO8859-16.so • /usr/lib64/gconv/MAC-IS.so • /usr/lib64/gconv/ISO8859-2.so • /usr/lib64/gconv/MAC-UK.so • /usr/lib64/gconv/ISO8859-3.so • /usr/lib64/gconv/MACINTOSH.so • /usr/lib64/gconv/ISO8859-4.so • /usr/lib64/gconv/MIK.so • /usr/lib64/gconv/ISO8859-5.so • /usr/lib64/gconv/NATS-DANO.so • /usr/lib64/gconv/ISO8859-6.so • /usr/lib64/gconv/NATS-SEFI.so • /usr/lib64/gconv/ISO8859-7.so • /usr/lib64/gconv/PT154.so • /usr/lib64/gconv/ISO8859-8.so • /usr/lib64/gconv/RK1048.so • /usr/lib64/gconv/ISO8859-9.so • /usr/lib64/gconv/ISO8859-9E.so 43 • /usr/lib64/gconv/SAMI-WS2.so • /usr/lib64/gconv/ISO_10367-BOX.so • /usr/lib64/gconv/SHIFT_JISX0213.so The following are from glibc which has special needs or has small functions that need no stack protection: • /usr/lib64/libBrokenLocale-2.17.so • /usr/lib64/libSegFault.so • /usr/lib64/libanl-2.17.so • /usr/lib64/libcidn-2.17.so • /usr/lib64/libcrypt-2.17.so • /usr/lib64/libdl-2.17.so The following are from ncurses and simple functions that need no stack protection: • /usr/lib64/libpanel.so.5.9 • /usr/lib64/libpanelw.so.5.9 The following are from glibc which has special needs or has simple functions that need no stack protection: • /usr/lib64/libm-2.17.so • /usr/lib64/libnsl-2.17.so • /usr/lib64/libmemusage.so • /usr/lib64/libnss_compat-2.17.so • /usr/lib64/libnss_db-2.17.so • /usr/lib64/libnss_files-2.17.so • /usr/lib64/libnss_hesiod-2.17.so • /usr/lib64/libnss_nis-2.17.so • /usr/lib64/libnss_nisplus-2.17.so • /usr/lib64/libpthread-2.17.so • /usr/lib64/librt-2.17.so • /usr/lib64/libthread_db-1.0.so • /usr/lib64/rtkaio/librtkaio-2.17.so • /usr/lib64/audit/sotruss-lib.so • /usr/lib64/libpcprofile.so The following is from the nspr package which has simple functions that don't need stack protection: • /usr/lib64/libplc4.so The following are from pam and have simple functions that don't need stack protection: • /usr/lib64/security/pam_deny.so • /usr/lib64/security/pam_postgresok.so The following are from iptables. The functions are simple and don't need stack protection: • /usr/lib64/xtables/libip6t_DNAT.so • /usr/lib64/xtables/libxt_TRACE.so 44 • /usr/lib64/xtables/libip6t_DNPT.so • /usr/lib64/xtables/libxt_addrtype.so • /usr/lib64/xtables/libip6t_HL.so • /usr/lib64/xtables/libip6t_LOG.so • /usr/lib64/xtables/libxt_TOS.so • /usr/lib64/xtables/libxt_cgroup.so • /usr/lib64/xtables/libxt_cluster.so • /usr/lib64/xtables/libxt_comment.so • /usr/lib64/xtables/libip6t_REJECT.so • /usr/lib64/xtables/libxt_connbytes.so • /usr/lib64/xtables/libip6t_SNAT.so • /usr/lib64/xtables/libxt_connlabel.so • /usr/lib64/xtables/libip6t_SNPT.so • /usr/lib64/xtables/libxt_connlimit.so • /usr/lib64/xtables/libip6t_ah.so • /usr/lib64/xtables/libxt_connmark.so • /usr/lib64/xtables/libip6t_eui64.so • /usr/lib64/xtables/libxt_cpu.so • /usr/lib64/xtables/libip6t_frag.so • /usr/lib64/xtables/libxt_dccp.so • /usr/lib64/xtables/libip6t_hl.so • /usr/lib64/xtables/libxt_dscp.so • /usr/lib64/xtables/libxt_NFLOG.so • /usr/lib64/xtables/libip6t_ipv6header.so • /usr/lib64/xtables/libxt_ecn.so • /usr/lib64/xtables/libxt_esp.so • /usr/lib64/xtables/libip6t_rt.so • /usr/lib64/xtables/libipt_CLUSTERIP.so • /usr/lib64/xtables/libxt_helper.so • /usr/lib64/xtables/libipt_ECN.so • /usr/lib64/xtables/libipt_LOG.so • /usr/lib64/xtables/libxt_NFQUEUE.so • /usr/lib64/xtables/libxt_length.so • /usr/lib64/xtables/libipt_MIRROR.so • /usr/lib64/xtables/libxt_limit.so • /usr/lib64/xtables/libxt_mac.so • /usr/lib64/xtables/libxt_mark.so • /usr/lib64/xtables/libipt_REJECT.so • /usr/lib64/xtables/libxt_multiport.so • /usr/lib64/xtables/libxt_nfacct.so • /usr/lib64/xtables/libxt_osf.so • /usr/lib64/xtables/libipt_TTL.so • /usr/lib64/xtables/libipt_ULOG.so • /usr/lib64/xtables/libxt_physdev.so • /usr/lib64/xtables/libipt_ah.so • /usr/lib64/xtables/libxt_pkttype.so 45 • /usr/lib64/xtables/libxt_policy.so • /usr/lib64/xtables/libxt_quota.so • /usr/lib64/xtables/libipt_ttl.so • /usr/lib64/xtables/libipt_unclean.so • /usr/lib64/xtables/libxt_recent.so • /usr/lib64/xtables/libxt_AUDIT.so • /usr/lib64/xtables/libxt_rpfilter.so • /usr/lib64/xtables/libxt_CHECKSUM.so • /usr/lib64/xtables/libxt_sctp.so • /usr/lib64/xtables/libxt_CONNMARK.so • /usr/lib64/xtables/libxt_CONNSECMARK.so • /usr/lib64/xtables/libxt_socket.so • /usr/lib64/xtables/libxt_DSCP.so • /usr/lib64/xtables/libxt_standard.so • /usr/lib64/xtables/libxt_HMARK.so • /usr/lib64/xtables/libxt_IDLETIMER.so • /usr/lib64/xtables/libxt_statistic.so • /usr/lib64/xtables/libxt_LED.so • /usr/lib64/xtables/libxt_MARK.so • /usr/lib64/xtables/libxt_SECMARK.so • /usr/lib64/xtables/libxt_tcpmss.so • /usr/lib64/xtables/libxt_SYNPROXY.so • /usr/lib64/xtables/libxt_TCPMSS.so • /usr/lib64/xtables/libxt_TPROXY.so • /usr/lib64/xtables/libxt_tos.so • /usr/lib64/xtables/libxt_TEE.so • /usr/lib64/xtables/libxt_udp.so • /usr/lib64/libiptc.so.0.0.0 The following are from libaio. The functions are a thin layer over the io_ family of syscalls. They are just for compatibility should the ABI change. They don't need stack protection: • /usr/lib64/libaio.so.1.0.0 • /usr/lib64/libaio.so.1.0.1 The following are from perl-Filter. They each have one function which doesn't need stack smashing protection: • /usr/lib64/perl5/vendor_perl/auto/Filter/decrypt/decrypt.so • /usr/lib64/perl5/vendor_perl/auto/Filter/tee/tee.so • /usr/lib64/perl5/vendor_perl/auto/Filter/Util/Call/Call.so The following are from the perl language package. They are perl modules that are built by the perl compiler which does not support flag injection: • /usr/lib64/perl5/auto/Hash/Util/Util.so • /usr/lib64/perl5/vendor_perl/auto/Encode/Byte/Byte.so • /usr/lib64/perl5/vendor_perl/auto/Encode/CN/CN.so • /usr/lib64/perl5/vendor_perl/auto/Encode/EBCDIC/EBCDIC.so 46 • /usr/lib64/perl5/vendor_perl/auto/Encode/JP/JP.so • /usr/lib64/perl5/vendor_perl/auto/Encode/KR/KR.so • /usr/lib64/perl5/vendor_perl/auto/Encode/Symbol/Symbol.so • /usr/lib64/perl5/vendor_perl/auto/Encode/TW/TW.so • /usr/lib64/perl5/auto/Devel/Peek/Peek.so • /usr/lib64/perl5/auto/Fcntl/Fcntl.so • /usr/lib64/perl5/auto/I18N/Langinfo/Langinfo.so • /usr/lib64/perl5/auto/IO/IO.so The following is just a "C" interface to allow python to manipulate struct timeval data. The functions are simple and don't need stack protection. • /usr/lib64/python2.7/lib-dynload/timingmodule.so The following are from the rpm package. They are python modules that only have 4 function. None of which have arrays on the stack so no overflow is possible. • /usr/lib64/python2.7/site-packages/rpm/_rpmb.so • /usr/lib64/python2.7/site-packages/rpm/_rpms.so The following is a kernel library built under the kernel build policy. The kernel build policy does not use stack protection due to mixing with hand written assembler. • /usr/lib64/libcpupower.so.0.0.0 The following library comes from the glib2 package. The library only has a couple functions, none of which need stack protection. • /usr/lib64/libgthread-2.0.so.0.5600.1 The following is an empty dummy library from libjson-c who's whole purpose is to warn to link against libjson-c instead. • /usr/lib64/libjson.so.0.1.0 The following libraries come from openssl. They contain functions that are integers and pointers. One function has an array but its the only variable and one operation is performed on it, so it doesn't qualify for stack protection. The gmp library is a dummy library with 2 functions, neither have stack variables. • /usr/lib64/openssl/engines/libcapi.so • /usr/lib64/openssl/engines/libgmp.so The following comes from mariadb-libs. It has one function and it has no stack variables: • /usr/lib64/mysql/plugin/mysql_clear_password.so The following are from plymouth which is the splash screen that is displayed during boot and before anyone can login. The functions in the libraries are entirely pointers and integers. They do not need stack protection. • /usr/lib64/plymouth/details.so • /usr/lib64/plymouth/text.so 47 The following library comes from stunnel. It has one function which uses a pointer and two integers. It does not need stack protection. • /usr/lib64/stunnel/libstunnel.so The following libraries come from the ebtable package. The libraries are small with a few functions. The functions use pointers and integers. There is no need for stack smashing protection. • /usr/lib64/ebtables/libebt_AUDIT.so • /usr/lib64/ebtables/libebt_arpreply.so • /usr/lib64/ebtables/libebt_nat.so • /usr/lib64/ebtables/libebt_redirect.so • /usr/lib64/ebtables/libebt_standard.so • /usr/lib64/ebtables/libebtable_broute.so • /usr/lib64/ebtables/libebtable_filter.so • /usr/lib64/ebtables/libebtable_nat.so The following comes from coreutils and has 3 functions. None of them have an array on the stack so there is no possible overflow. • /usr/libexec/coreutils/libstdbuf.so