
FIPS Operational Environment

410 bytes added, 16:14, 19 September 2006
Auditable Events
*** If <code>ulPinLen</code> is too short or too long, or the password that <code>pPin</code> points to is too weak (doesn't have enough character types), the return code is 0x000000A2 (<code>CKR_PIN_LEN_RANGE</code>).
* the addition or deletion of an operator to/from a crypto officer role: Since any authorized operator can assume the crypto officer role, this event is equivalent to the addition or deletion of a user account in the OS. These events are recorded by the audit mechanism of the OS.
** Red Hat Enterprise Linux 4:
*** The programs <code>/usr/sbin/useradd</code>, <code>/usr/sbin/usermod</code>, and <code>/usr/sbin/userdel</code> in the shadow-utils package audit the addition or deletion of user accounts. You can verify by doing <code>ldd</code> against the programs and seeing that they are linked to <code>libaudit.so.0</code>. The audit message types are <code>AUDIT_ADD_USER</code> and <code>AUDIT_DEL_USER</code>.
*** FAU_SMR.1 ''Modifications to the group of users that are part of a role'' are auditable events. (See [http://www.commoncriteriaportal.org/public/files/epfiles/ST_VID10072-ST.pdf Security Target], Table 5-1, page 32.)
** Trusted Solaris 8: Audit.5 ''The creation, deletion, disabling or enabling of user accounts is auditable''. (See [http://www.commoncriteriaportal.org/public/files/epfiles/TSolaris8_Issue3.1.pdf Security Target], page 55.)
* operations to process audit data stored in the audit trail: these operations are recorded by the audit mechanism of the OS.
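
As an added illustration (not part of the original page or of the OS audit tooling), the following script shows how the account addition and deletion events described above could be pulled out of an audit trail for review. It assumes the records are written with <code>type=ADD_USER</code> and <code>type=DEL_USER</code> and carry <code>auid</code>, <code>acct</code> and <code>res</code> fields; the sample records and the function name <code>account_events</code> are constructed for this example.

```python
import re
from datetime import datetime, timezone

# Constructed sample records (not from a real system). The field layout is an
# assumption modelled on the Linux audit log format; adjust the patterns to
# match what the audit daemon on your system actually writes.
SAMPLE_LOG = """\
type=ADD_USER msg=audit(1158682440.512:101): user pid=2211 uid=0 auid=500 msg='useradd: op=adding user acct=alice res=success'
type=USER_AUTH msg=audit(1158682451.004:102): user pid=2215 uid=0 auid=500 msg='PAM authentication: user=alice res=success'
type=DEL_USER msg=audit(1158682502.930:103): user pid=2230 uid=0 auid=500 msg='userdel: op=deleting user acct=bob res=failed'
type=ADD_USER msg=audit(1158682510.100:104): truncated record
"""

# Record types for the "operator added to / removed from a role" event.
ACCOUNT_TYPES = {"ADD_USER": "added", "DEL_USER": "deleted"}
HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\):")
FIELD = re.compile(r"\b(auid|acct|res)=([^\s']+)")


def account_events(log_text):
    """Return (events, unparsed) for ADD_USER / DEL_USER records."""
    events, unparsed = [], []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m or m.group(1) not in ACCOUNT_TYPES:
            continue  # other record types are out of scope here
        fields = dict(FIELD.findall(line))
        if not {"auid", "acct", "res"} <= fields.keys():
            unparsed.append(line)  # keep for manual review, never drop silently
            continue
        events.append({
            "serial": int(m.group(3)),
            "time": datetime.fromtimestamp(int(m.group(2)), timezone.utc),
            "action": ACCOUNT_TYPES[m.group(1)],
            "account": fields["acct"],
            "by_auid": int(fields["auid"]),  # login uid of the acting operator
            "success": fields["res"] == "success",
        })
    return events, unparsed


if __name__ == "__main__":
    events, unparsed = account_events(SAMPLE_LOG)
    for e in events:
        print(f"{e['time']:%Y-%m-%d %H:%M:%SZ} #{e['serial']} auid={e['by_auid']} "
              f"{e['action']} {e['account']} success={e['success']}")
    print(f"{len(unparsed)} account record(s) need manual review")
```

Failed attempts are reported alongside successful ones, and records that match the type but lack the expected fields are returned separately so a reviewer can inspect them.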