6 Mapping the TOE summary specification to the High-Level Design
This chapter provides a mapping of the security functions of the TOE summary specification to the functions
described in this High-Level Design document.
6.1 Identification and authentication
Section 5.11 provides details of the SLES Identification and Authentication subsystem.
6.1.1 User identification and authentication data management (IA.1)
Section 5.11.2 provides details of the configuration files for user and authentication management.
Section 5.11.3.6 explains how a password can be changed.
6.1.2 Common authentication mechanism (IA.2)
Section 5.11.1 provides a description of PAM, which is used to implement the common authentication
mechanism for all the activities that create a user session.
6.1.3 Interactive login and related mechanisms (IA.3)
Section 5.11.3.3 provides a description of the interactive login process. Section 5.12.2 describes the process
of obtaining a shell from the remote system.
6.1.4 User identity changing (IA.4)
Section 5.11.3.7 provides a description of changing identity on the local system using the su command.
6.1.5 Login processing (IA.5)
Section 5.11.3.3 provides details of the login process and also a description of changing identity on the
local system.
6.2 Audit
Section 5.6 provides details of the Linux audit subsystem.
6.2.1 Audit configuration (AU.1)
Section 5.6.2 provides details of configuration of the audit subsystem to select events to be audited based on
rules defined in /etc/audit.rules audit configuration file. Section 5.15.3 describes how configuration
parameters are loaded into the SLES kernel.
6.2.2 Audit processing (AU.2)
Sections 5.6.1 and 5.6.1.2 provide details of how processes attach and detach themselves from the audit
subsystem. Section 5.15.1 describes the audit daemon and how it reads audit data from the kernel buffer and
writes audit records to a disk file.
218