Configuring a Multilevel Secure System › z/OS UNIX SYSTEM SERVICES

z/OS UNIX SYSTEM SERVICES

In environments where users move across multiple hardware platforms and operating systems to access numerous applications, security is a major concern. Sites need the same control over data and resources accessed in an open system as they have in their mainframe environment. CA Top Secret offers security for such open environments by supporting z/OS UNIX System Services (UNIX) and the standards developed for a Portable Operating System Interface (POSIX). In addition, CA Top Secret supports security labels and security-label checking in a UNIX environment. This chapter explains how to implement and use security labels for UNIX functions in an CA Top Secret MLS environment.

Support for MLS UNIX

In addition to the basic UNIX functions that are supported by CA Top Secret, the following are also supported when MLS is active:

• Security labeling in a zSeries file system (zFS) and Hierarchical File System (HFS)
• Requiring security labels for all files and directories
• Requiring security labels for all IPC objects
• Assigning security labels to files and directories at the time they are created based on the security label of the parent directory or user (the label is stored in the File Security Packet (FSP))
• Assigning security labels to IPC objects at the time they are created (the label is stored in the IPC Security Packet (ISP))
• Assigning a security label to a UNIX user
• Assigning a security label to a UNIX session created by the su command
• Allowing authorized users to classify files and directories that were not labeled at the time they were created with the UNIX chlabel command (zFS only)
• Using symbolic links to define a different home and program for each security label that a user is authorized to use
• Controlling access to files and directories based on security labels
• Allowing communication between IPC objects only if their security labels are equivalent
• Validating user authorization to the following socket functions based on security labels: givesocket, takesocket, sendmsg, and recvmsg
• Allowing authorized users to display the security labels of files, directories and IPC objects using UNIX commands
• Hiding the names of files and subdirectories in a directory
• Defaulting a security label for a user who is entering the system from a remote IP address (using rlogin)
• Validating that the security label of a subject who is accessing the system from a remote IP address is equivalent to the security label of the IP address
• Bypassing security label checking for trusted users. If a user is identified in the system with an acid that has bypass attributes (NODSNCHK, NORESCHK, NOSUBCHK, NOVOLCHK, NOLCFCHK) he is considered trusted and MLS validation is bypassed.
• Displaying, activating, and deactivating individual user write-down protection status with the UNIX writedown command

Restrictions

The following restrictions apply when MLS is active on an CA Top Secret system:

• The HFS physical file system (PSF) does not support name-hiding
• The HFS PSF does not support the UNIX chlabel command
• The HFS PSF must be mounted in read-only mode. HFS can only properly be used in read-only mode (in this mode, security labels are not assigned to UNIX files and directories nor is security label checking performed); if used in read-write mode, MLS validations based on security labels will be inconsistent and inaccurate
• Mount an HFS file system only on a directory that has the same security label as the file system's root to prevent conflicts between directory search access and name-hiding
• Assign the security label SYSMULTI to mount point directories

Configuration Checklist

This checklist describes the software configuration requirements when MLS is active on an CA Top Secret system.