The Official Unofficial Zorp project
 
Overview| Examples| Bugs| FAQ | White papers | Download | Help wanted | SourceForge Project page | Filltable utility  
 
 
SourceForge.net: SF.net Project News: Zorp unofficial
  • zorp 2.0.9-6 has been released
  • iptables-utils zorp-unoff version has been released
  • New whitepaper, even more FAQs
  • Zorp whitepapers released, new FAQs
  • New tproxy versions
  • New Zorp version: get the DN
  • The best bughunter
  • Bughunting contest extended
  • Valentine day bughunting contest!
  • Site updates: FAQ, design
    		•
    SourceForge.net: Project File Releases: Zorp unofficial
  • zorp 2.0.9-6 released (Mon, 01 Nov 2004 21:49:58 GMT)
  • zorp 2.0.9-6 released (Mon, 01 Nov 2004 21:40:56 GMT)
  • iptables-utils 1.21-1 released (Mon, 01 Nov 2004 21:19:42 GMT)
  • zorp 2.0.9-1 released (Sat, 12 Jun 2004 00:00:00 GMT)
  • zorplibll 2.0.26.24-1 released (Sat, 12 Jun 2004 00:00:00 GMT)
  • zorp zorp_2.0.8-1 released (Thu, 11 Dec 2003 00:00:00 GMT)
  • zorp zorp_2.0.7-2 released (Wed, 03 Dec 2003 00:00:00 GMT)
  • zorp zorp_2.0.7-1 released (Tue, 11 Nov 2003 00:00:00 GMT)
  • zorplibll zorplibll_2.0.26.23-1 released (Mon, 10 Nov 2003 00:00:00 GMT)
    		•
    		Next Previous Contents

    1. Introduction

    This document describes the processes, roles, responsibilities, and security measures related to the configuration management of the filltable utility. Throughout the document we refer to the relevant security assurance requirements from the class ACM.

    This is the CM documentation (ACM_CAP.4.3D),which have the following parts:

    • CM plan (ACM_AUT.2.2D, ACM_CAP.4.3C))
    • acceptance plan (ACM_CAP.4.3C)
    • configuration list (ACM_SCP.2.1D, ACM_CAP.4.3C)

    This document:

    • tells that GNU arch is used throughout the development of the TOE as a CM system (ACM_AUT.2.1D,ACM_CAP.4.2D)
    • describes gnu arch with a reference to its documentation and by the description of how it is used in the CM system (ACM_AUT.2.3C, ACM_AUT.2.4C), and how the CM system is used (ACM_CAP.4.7C): how the source files are checked out, committed, and tagged to branches.
    • specifically shows how to ascertain the changes between the TOE and its preceeding version in an automated way (ACM_AUT.2.5C)
    • shows that only authorized changes are made to the TOE implementation representation and to all other configuration items (ACM_AUT.2.1C), as only the lead developer is able to commit changes to the master repository, and these are the authorized changes (ACM_CAP.4.10C)
    • shows that the CM system provides automated means to support the generation of the TOE (ACM_AUT.2.2C, ACM_CAP.4.11C), as the files controlling the generation of the TOE (Makefile and various files under the debian/ subdir) are under the control of the CM system.
    • describes how the logs generated by the CM system demonstrate that the CM system is operating in accordance with the CM plan (ACM_CAP.4.8C), and that all configuration items have been and are being effectively maintained under the CM system (ACM_CAP.4.9C)
    • shows that the modification of configuration items do not affect affect other configuration items (ACM_AUT.2.6C is not relevant)
    • shows that the TOE is referenced, the reference is unique for each version of the TOE, and the TOE is labelled with its referece (ACM_CAP.4.1D, CM_CAP.4.1C,ACM_CAP.4.2C)
    • describes the method (ls and find) to uniquely identify all configuration items (ACM_CAP.4.5C)
    • shows that the CM system uniquely identifies all configuration items (ACM_CAP.4.6C)
    • in the configuration list uniquely identify and describe all configuration items that comprise the TOE. (ACM_CAP.4.4C)
    • shows that the configuration items include the implementation representation (source code), security flaws, and the evaluation evidence (ACM_SCP.2.1C)
    • in the acceptance plan describes the procedures to accept modified or newly created configuration items as part of the TOE. (ACM_CAP.4.12C)

    Next Previous Contents