Introduction This directory contains the packages and the documentation required to install and configure Red Hat Enterprise Linux 4 Update 1 (RHEL4-U1) on a specific set of IBM platforms to an evaluated level. This level meets the Common Criteria Controlled Access Protection Profile (CAPP) at Assurance Level 4+ (EAL4+). This evaluation was conducted by an independent evaluator, atsec Information Security (http://www.atsec.com/), using the Common Criteria methodology (http://www.commoncriteriaportal.org/) and validated by the Common Criteria Evaluation and Validation Scheme (CCEVS) Validation Body of the U.S. Government (http://niap.nist.gov/cc-scheme). For more information regarding the Common Criteria Evaluation process and Protection Profiles, Web URLs are provided at the end of this file. Purpose The purpose of this README is to guide the reader on how to obtain the Evaluation Configuration Guide (ECG) in order to use its instructions. The (ECG) is contained in the capp-eal4-config-ibm-1.0-2.EL4.noarch.rpm RPM package and lists the requirements and describes how to install and configure a RHEL4-U1 system to be compliant with the Controlled Access Protection profile (CAPP). The ECG file RHEL-CAPP-EAL4-IBM-Configuration-Guide is included in the following rpm: ftp://partners.redhat.com/EAL4_RHEL4/IBM/capp-eal4-config-ibm/1.0-2.EL4/noarch/capp-eal4-config-ibm-1.0-2.EL4.noarch.rpm To get the ECG do the following:: 1- Install a fresh RHEL4-U1 system. choosing the minimal install option. (See Note1) 2- Download the capp-eal4-config-ibm-1.0-2.EL4.noarch.rpm from the above ftp directory: wget ftp://partners... (use FTP URL above) 3- Run as root at a command line: rpm -i capp-eal4-config-ibm-1.0-2.EL4.noarch.rpm 4- The ECG file RHEL-CAPP-EAL4-IBM-Configuration-Guide is included in multiple formats: as man page, pdf, pod and txt. You can find the various formats in directory /usr/share/doc/capp-eal4-config-ibm-0.0. 5- Read the ECG and follow the instructions carefully. Note1: The evaluated configuration must be set up starting from a freshly installed minimal installation. When using the graphical installer, select the Minimal set of packages. If using the text-mode installer or if the installer does not offer Minimal as a selection, you MUST manually remove all check marks in the Package Group Selections dialog. The configuration script may fail if the installation includes additional packages such as multiple glibc versions. As a workaround, if the glibc upgrade fails for example, you can remove obsolete glibc versions using a command such as "rpm -e glibc 2.3.4-2.9", and re-run the configuration script, but setting up the evaluated configuration requires exactly following the installation steps in the guide. Note2: Alternatively, you can use the following extraction command on any system containing the RPM packaging tools without installing the package or requiring root rights: rpm2cpio capp-eal4-config-ibm-1.0-2.EL4.noarch.rpm | cpio -id This will extract the content into the current working directory, with the documentation in the usr/share/doc/capp-eal4-config-ibm-0.0/ subdirectory. Related Links http://www.atsec.com/ http://www.ibm.com/ http://www.redhat.com/ http://commoncriteriaportal.org/ http://niap.nist.gov/cc-scheme http://niap.nist.gov/cc-scheme/pp/PP_CAPP_V1.d.html