Meeting Security Requirements with FreeBSD

Michael A. Koerber mak at
Wed Apr 20 04:43:02 PDT 2005


1.  Currently FreeBSD (or any other BSD) doesn't seem to be on the list
of approved OS's for classified processing.  I'm trying to obtain at
least local approval, but I don't speak the "security language" too
well.  Any help would be greatly appreciated.

2.  The Unixes that are approved are Solaris and Redhat/Fedora.  I have
reviewed the "PL1 Checklists" and it seems to me that Redhat/Linux might
be the closest set of requirements, so I'm working off that.

3.  I've "mapped" most of the requirements to FreeBSD (basic unix stuff).

4.  The major sticking point today is "Accesses to Security-Relevant

  a. Under Redhat the requirement is "Implement Snare" or "Implement
LauS (Linux Auditing System)".

  b.  The Solaris equivalent requirement seems to be setup of the Basic
Security Model "BSM".

  I don't see either of these packages ported to BSD.  What is the BSD
approach to meeting the (logging) requirements provided by the above
packages?  I thought that MAC might be the answer, but I see nothing
about logging "events" in the manual.

Dr Michael A. Koerber

