[jboss-cvs] JBossAS SVN: r81267 - in projects/docs/enterprise/4.3.3: Common_Criteria_Guide/en-US and 6 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Nov 18 19:54:37 EST 2008
Author: irooskov at redhat.com
Date: 2008-11-18 19:54:37 -0500 (Tue, 18 Nov 2008)
New Revision: 81267
Added:
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/Backup_of_CCGuide
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/Makefile
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Appendix.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Author_Group.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Book_Info.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Common_Criteria_Configuration_Guide.ent
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Common_Criteria_Configuration_Guide.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Introduction.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Preface.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/RHEL_4_RPM_List.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/RHEL_5_RPM_List.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Requirements_for_the_Evaluated_Configuration.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Revision_History.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Security_Configuration.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Security_Features.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/System_Configuration.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/System_Installation.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Tested_Security_Policy.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_Channels.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_EAP_details.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_Login.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_address.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_download.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_select_version.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/certificate.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/lookup_MD5_value.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/rhn_certificate.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/software_downloads.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/ssl_addressbar.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/ssl_statusbar.png
Modified:
projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml
projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/lookup_MD5_value.png
projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/software_downloads.png
projects/docs/enterprise/4.3.3/Getting_Started/en-US/Book_Info.xml
projects/docs/enterprise/4.3.3/Installation_Guide/en-US/Book_Info.xml
Log:
adding CC Guide backup
Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml 2008-11-19 00:34:52 UTC (rev 81266)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/Requirements_for_the_Evaluated_Configuration.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -17,7 +17,7 @@
<listitem><para>BEA JRockit JRE 1.5.x &1.6.x</para></listitem>
<listitem><para>HP-UX JRE 1.5.x &1.6.x</para></listitem>
<listitem><para>IBM JRE 1.5.x &1.6.x</para></listitem>
- <listitem><para>OpenJDK 6</para></listitem>
+ <!-- <listitem><para>OpenJDK 6</para></listitem> -->
</itemizedlist>
</section>
@@ -45,6 +45,86 @@
<para>
For information on how to configure each database with the JBoss Enterprise Application Platform refer to <xref linkend="configuration_requirements-database_configuration"/>.
</para>
+ <para>
+ The MD5 checksums for each database system is as follows:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Oracle 10g R2 version 10.2.0.2.0
+ </para>
+<screen>$ md5sum ojdbc14.jar
+8ae726d3a32c3cc3adbbe6793ade57f8 ojdbc14.jar
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/index.html">Oracle driver download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Oracle 9i
+ </para>
+<screen>$ md5sum
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/index.html">Oracle driver download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Microsoft SQL Server 2005 JDBC Driver 1.2
+ </para>
+<screen>$ md5sum jtds-1.2.jar
+8d3457be7178103ac846fcf407b6e559 jtds-1.2.jar
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://www.microsoft.com/downloads/details.aspx?FamilyId=C47053EB-3B64-4794-950D-81E1EC91C1BA&displaylang=en">Microsoft SQL Server 2005 JDBC Driver download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ MySQL version 5.0.8
+ </para>
+<screen>$ md5sum mysql-connector-java-5.0.8.zip
+569f7284761b8162a2d2ac0a9786581a mysql-connector-java-5.0.8.zip
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://dev.mysql.com/downloads/connector/j/5.0.html">MySQL Connector/J download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ PostgreSQL version 8.2-504
+ </para>
+<screen>$ md5sum postgresql-8.2-504.jdbc3.jar
+aa8fb66ad71300b635943a8f473a3261 postgresql-8.2-504.jdbc3.jar
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://jdbc.postgresql.org/">PostgreSQL JDBC Driver download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ DB2 version 8.2.7 and JDBC version 2.10.52
+ </para>
+<screen>$ md5sum db2jcc.jar
+1ae13ee23b595de8b282a7974e5cc25c db2jcc.jar
+</screen>
+ </listitem>
+ <listitem>
+ <para>
+ DB2 version 9.1 Fixpack 3 and JDBC version 3.1.57
+ </para>
+<screen>$ md5sum db2jcc.jar
+6b33669a5c2173e65f6bb6618e935b8d db2jcc.jar
+</screen>
+ </listitem>
+ </itemizedlist>
+ <important>
+ <para>
+ Only the exact specified versions of each database and the respective driver is certified to work with the JBoss Enterprise Application Platform 4.3.0.CP03.
+ </para>
+ </important>
</section>
</section>
@@ -78,6 +158,14 @@
<title>Connectivity Requirements</title>
<para>The operating system and the Java virtual machine operate according to their specification. These external systems shall be configured in accordance with this guidance.</para>
<para>Any other system with which JBoss EAP communicates is assumed to be under the same management control and operate under the same security policy constraints as JBoss EAP.</para>
+ <section id="connectivity_requirements.cluster">
+ <title>
+ Cluster Connectivity Requirements
+ </title>
+ <para>
+ In case multiple instances of JBoss are joined into a cluster, it is assumed that the administrator ensures that the cluster communication network is physically separated from any other network attached to cluster nodes. In addition, the administrator has to ensure that the operating system of each cluster node is configured in a way that prevents forwarding of network traffic from any network into the separated cluster network as well as forwarding of network traffic from the cluster network to any other network.
+ </para>
+ </section>
</section>
<section id="configuration_requirements">
Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml 2008-11-19 00:34:52 UTC (rev 81266)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/System_Installation.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -74,7 +74,7 @@
Customer support site by browsing to <guimenuitem>JBoss Enterprise Middleware</guimenuitem>,
<guimenuitem>Application Platform</guimenuitem>, <guimenuitem>Certified downloads</guimenuitem>.</para>
- <figure><title>Software downloads page showing available JBoss EAP files (example image is of a previous version of the EAP)</title>
+ <figure><title>Software downloads page showing available JBoss EAP files</title>
<mediaobject>
<imageobject><imagedata fileref="images/software_downloads.png" /></imageobject>
</mediaobject>
@@ -89,7 +89,7 @@
checksum values for that package. These values are used to verify the integrity
of your downloaded files.</para>
-<figure><title>MD5 & SHA-256 information displayed for a download at the Red Hat JBoss Customer Support Portal (example image is of a previous version of the EAP)</title>
+<figure><title>MD5 & SHA-256 information displayed for a download at the Red Hat JBoss Customer Support Portal</title>
<mediaobject>
<imageobject><imagedata fileref="images/lookup_MD5_value.png" /></imageobject>
</mediaobject>
@@ -125,8 +125,8 @@
the file you downloaded as the first argument. </para>
<example><title>Using the md5sum tool on Linux or Unix</title>
- <screen>$ md5sum jboss-eap-4.3.0.GA_CP03.zip
-b6fd40c285f0243133dd29789f6a08a0 jboss-eap-4.3.0.GA_CP03.zip </screen>
+<screen>$ md5sum jboss-eap-4.3.0.GA_CP03.zip
+3f750b0bd3ec997658a7368cb46e912a jboss-eap-4.3.0.GA_CP03.zip </screen>
</example>
</section>
@@ -137,8 +137,8 @@
the file you downloaded as the first argument. </para>
<example><title>Using the sha256sum tool</title>
- <screen>$ sha256sum jboss-eap-4.3.0.GA_CP03.zip
-5528af48ce51f4fd5dcdda13a53e132d0807385b5e416da0f5d631d36e86aabf jboss-eap-4.3.0.GA_CP03.zip </screen>
+<screen>$ sha256sum jboss-eap-4.3.0.GA_CP03.zip
+24f88354add8adc7f6f2807705cc36ed4fc4242c5375414962cbfca77cf19640 jboss-eap-4.3.0.GA_CP03.zip </screen>
</example>
</section>
@@ -188,7 +188,7 @@
From the filtered list that is returned and after selecting the appropriate version of the JBoss EAP for your system, another page will be displayed which outlines the details of the download.
</para>
- <figure><title>JBoss EAP download details (example image is of a previous version of the EAP)</title>
+ <figure><title>JBoss EAP download details</title>
<mediaobject>
<imageobject><imagedata fileref="images/RHN_EAP_details.png" /></imageobject>
</mediaobject>
@@ -198,12 +198,38 @@
Under the JBoss Application Platform title is a list of tabs. Curently the <guimenuitem>Details</guimenuitem> tab is selected. By clicking on the last tab called <guimenuitem>Downloads</guimenuitem>, a list of all the downloads which form the JBoss EAP will be displayed.
</para>
- <figure><title>JBoss EAP download file list (example image is of a previous version of the EAP)</title>
+ <figure><title>JBoss EAP download file list </title>
<mediaobject>
<imageobject><imagedata fileref="images/RHN_download.png" /></imageobject>
</mediaobject>
</figure>
+ <para>
+ The packages listed above can be explained as follows:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <filename>enterprise-installer-4.3.0.GA_CP03.jar</filename>: The graphical installer for EAP 4.3.0.CP03.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <filename>jboss-eap-4.3.0.GA_CP03.zip</filename>: The software files that make up the EAP 4.3.0.CP03 installation.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <filename>jboss-eap-docs-4.3.0.GA_CP03.zip</filename>: The documentation for EAP 4.3.0.CP03.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <filename>jboss-eap-src-4.3.0.GA_CP03.zip</filename>: The graphical installer for EAP 4.3.0.CP03.
+ </para>
+ </listitem>
+ </itemizedlist>
+
<para>The software details page also contains the MD5 checksum values for each package. These values are used to verify the integrity of your downloaded files.</para>
<para>You can use the <command>md5sum</command> utility as detailed below to calculate
Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/lookup_MD5_value.png
===================================================================
(Binary files differ)
Modified: projects/docs/enterprise/4.3.3/Common_Criteria_Guide/en-US/images/software_downloads.png
===================================================================
(Binary files differ)
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/Backup_of_CCGuide
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/Backup_of_CCGuide (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/Backup_of_CCGuide 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,3 @@
+This is a back-up copy of the CC Guide created on 20081119, but containing updates until 20081118 and nothing afterwards.
+
+This has been created because after this date the server configuration we are using has changed from 'produciton' to 'cc'.
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/Makefile
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/Makefile (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/Makefile 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,11 @@
+#Makefile for Common_Criteria_Guide
+
+XML_LANG = en-US
+BRAND = JBoss
+
+#OTHER_LANGS = as-IN bn-IN de-DE es-ES fr-FR gu-IN hi-IN it-IT ja-JP kn-IN ko-KR ml-IN mr-IN or-IN pa-IN pt-BR ru-RU si-LK ta-IN te-IN zh-CN zh-TW
+TRANSLATIONS = $(XML_LANG) $(OTHER_LANGS)
+
+COMMON_CONFIG = /usr/share/publican
+include $(COMMON_CONFIG)/make/Makefile.common
+
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Appendix.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Appendix.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Appendix.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,405 @@
+<?xml version='1.0'?>
+<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<appendix>
+ <section>
+ <title>RPM Listings for a Red Hat Enterprise Linux 5</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ asm-1.5.3-1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bea-stax-1.2.0-0.rc1.2jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bea-stax-api-1.2.0-0.rc1.2jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ berkeleydb-2.0.90-1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ cglib-2.1.3-2jpp.ep1.6.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ concurrent-1.3.4-8jpp.ep1.6.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ dom4j-1.6.1-2jpp.ep1.5.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ dtdparser-1.21-2jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ geronimo-j2ee-1.4-apis-1.0-3jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaf-1.1.0-0jpp.ep1.12.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-javamail-1.4.0-0jpp.ep1.10.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaxb-2.1.4-1jpp.ep1.4.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaxws-2.1.1-1jpp.ep1.3.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jsf-1.2_09-0jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jstl-1.2.0-0jpp.ep1.10.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ gnu-getopt-1.0.12-1jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ gnu-trove-1.0.2-5jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-3.2.4-1.SP1_CP06.0jpp.ep1.3.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-annotations-3.2.1-5.GA_CP03.1jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-annotations-javadoc-3.2.1-5.GA_CP03.1jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-commons-annotations-0.0.0-3.1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-entitymanager-3.2.1-2.GA_CP04.1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-entitymanager-javadoc-3.2.1-2.GA_CP04.1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-javadoc-3.2.4-1.SP1_CP06.0jpp.ep1.3.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-validator-0.0.0-2.1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ icu4j-3.4.5-2jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ isorelax-0.1-0.20041111.2jpp.ep1.2.el5.4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jacorb-2.3.0-1jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-transaction-1.1-3jpp.1.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-slide-webdavclient-2.1-3jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ javassist-3.8.0-1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jaxen-1.1-1jpp.ep1.4.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-aop-1.5.5-3.CP03.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossas-4.3.0-3.GA_CP03.6.2.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossas-client-4.3.0-3.GA_CP03.6.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-cache-1.4.1-5.SP10.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-common-1.2.1-0jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-jaxr-1.2.0-SP1.0jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-messaging-1.4.0-2.SP3_CP04.3.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-microcontainer-1.0.2-4.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-profiler-1.0-0.1.CR5.1jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-remoting-2.2.2-3.SP10.0jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.8.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.8.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-serialization-1.0.3-1jpp.ep1.4.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossweb-2.0.0-6.CP08.0jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-2.0.1-3.SP2_CP04.1.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-common-1.0.0-2.GA_CP02.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-framework-2.0.1-1.GA_CP02.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-spi-1.0.0-1.GA_CP01.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jcommon-1.0.12-1jpp.ep1.3.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jfreechart-1.0.9-1jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jgroups-2.4.4-2.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ joesnmp-0.3.4-1jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ juddi-0.9-0.rc4.2jpp.ep1.8.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ msv-1.2-0.20050722.5jpp.ep1.1.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ msv-xsdlib-1.2-0.20050722.5jpp.ep1.1.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ odmg-3.0-3jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ qdox-1.6.1-1jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ quartz-1.5.2-1jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ relaxngDatatype-1.0-2jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ rh-eap-docs-4.3.0-4.GA_CP03.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ servletapi6-6.0.10-3jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ snmptrapappender-1.2.8-5jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ tanukiwrapper-3.2.1-2jpp.ep1.1.el5.i386.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ ws-commons-policy-1.0-2jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ wsdl4j16-1.6.2-0jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ ws-jaxme-0.5.1-2jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ wstx-3.1.1-1jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-im-exporter-1.1-2jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-security-1.3.0-1jpp.ep1.3.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xom-1.0-2jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xpp2-2.1.10-4jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xpp3-1.1.3.4.O-2jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ </itemizedlist>
+</section>
+ <appendixinfo>
+ <xi:include href="Revision_History.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ </appendixinfo>
+</appendix>
+
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Author_Group.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Author_Group.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Author_Group.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,7 @@
+<?xml version='1.0'?>
+<!DOCTYPE authorgroup PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<authorgroup>
+ <corpauthor>Red Hat Documentation Group</corpauthor>
+</authorgroup>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Book_Info.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Book_Info.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Book_Info.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,30 @@
+<?xml version='1.0'?>
+<!DOCTYPE bookinfo PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<bookinfo id="Common_Criteria_Guide-Product_Name_and_Version">
+ <title>Common Criteria Configuration Guide</title>
+ <subtitle>JBoss Enterprise Application Platform</subtitle>
+ <edition>1.0</edition>
+ <pubsnumber>1</pubsnumber>
+ <productnumber>4.3</productnumber>
+ <productname>JBoss Enterprise Application Platform</productname>
+
+ <abstract>
+ <para>This book describes the configuration of JBoss EAP 4.3 used for
+ the Common Criteria security evaluation</para>
+ </abstract>
+
+ <corpauthor>
+ <inlinemediaobject>
+ <imageobject>
+ <imagedata format='SVG' fileref="Common_Content/images/title_logo.svg" />
+ </imageobject>
+ </inlinemediaobject>
+ </corpauthor>
+
+ <xi:include href="Common_Content/Legal_Notice.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+</bookinfo>
+
+
+
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Common_Criteria_Configuration_Guide.ent
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Common_Criteria_Configuration_Guide.ent (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Common_Criteria_Configuration_Guide.ent 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,6 @@
+<!ENTITY PRODUCT "JBoss_Enterprise_Application_Platform">
+<!ENTITY BOOKID "Common_Criteria_Guide">
+<!ENTITY YEAR "2008">
+<!ENTITY HOLDER "Red Hat, Inc">
+<!ENTITY TITLE "Common Criteria Guide">
+<!ENTITY SUBTITLE "JBoss Enterprise Application Platform">
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Common_Criteria_Configuration_Guide.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Common_Criteria_Configuration_Guide.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Common_Criteria_Configuration_Guide.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,18 @@
+<?xml version='1.0'?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<book>
+ <xi:include href="Book_Info.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Preface.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+
+ <xi:include href="Introduction.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Requirements_for_the_Evaluated_Configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="System_Installation.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Security_Configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Security_Features.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="RHEL_4_RPM_List.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="RHEL_5_RPM_List.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Revision_History.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+</book>
+
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Introduction.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Introduction.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Introduction.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,67 @@
+<?xml version='1.0'?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<chapter id="chap-Common_Criteria_Guide-Introduction">
+ <title>Introduction</title>
+ <section id="sect-Common_Criteria_Guide-Introduction-Purpose_of_this_Document">
+ <title>Purpose of this Document</title>
+ <para>This document is a security guide for administrators and application developers
+ who wish to use JBoss Enterprise Application Platform (JBoss EAP) 4.3 CP03 in its
+ certified Common Criteria compliant secure configuration. It is intended to be
+ self-contained in addressing the most important issues at a high level, and refers to
+ other existing documentation where more details are needed. Knowledge of the Common
+ Criteria is not required for readers of this document.</para>
+
+ <para>JBoss EAP Version 4.3 CP03 is the subject of this document as the Target of
+ Evaluation (TOE) for Common Criteria certification. JBoss EAP Version 4.3 CP03 has
+ been evaluated under Common Criteria version 3.1 at level of assurance EAL2 augmented
+ with ALC_FLR.3. This provides assurance that the product has been structurally tested.</para>
+
+ <para>All usages of the term “JBoss EAP” in this document refer to the Common Criteria
+ certified configuration of JBoss EAP Version 4.3 CP03.</para>
+
+ <para>Chapter 1 contains a brief introduction to the CC certification & the structure of this book.</para>
+ <para>Chapter 2 contains the requirements for deploying the certified product.</para>
+ <para>Chapter 3 contains the steps that are required in downloading &verifying the authenticity of the CC product.</para>
+ <para>Chapter 4 provides instructions on how to start the server and the different modes of operation.</para>
+ <para>Chapter 5 contains the details of the security implementation & usage limitations of the CC product.</para>
+
+ <para>Should there be any discrepancy between information contained in this guide
+ and any other product documentation, the CC Guide information takes precedence,
+ as it addresses the requirements for the evaluated configuration of JBoss EAP.</para>
+
+ </section>
+
+ <section id="sect-Common_Criteria_Guide-Introduction-What_is_a_CC_compliant_system">
+ <title>What is a Common Criteria Compliant System?</title>
+ <para>The <firstterm>Common Criteria for Information Technology Security Evaluation</firstterm>,
+ usually known as <firstterm>Common Criteria</firstterm> or <firstterm>CC</firstterm>, is
+ an internationally-recognized standard (ISO/IEC 15408) used as the basis for independent
+ evaluation of the security properties of an IT product.</para>
+
+ <para>Common Criteria provide consumers with an impartial security assurance of a
+ product to predefined levels. These levels range from EAL1 to EAL7, each placing
+ increased demands on the developer for evidence of testing, in turn providing
+ increased assurance within the product for consumers.</para>
+
+ <para>Under the Common Criteria Recognition Arrangement (CCRA), members agree to
+ recognize Common Criteria certificates that have been produced by any certificate
+ authorizing participant, in accordance with the terms laid out in the CCRA. Currently,
+ the CCRA is comprised of 22 member nations: Australia, Austria, Canada, the Czech
+ Republic, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the
+ Netherlands, New Zealand, Norway, the Republic of Singapore, Spain, Sweden, Turkey,
+ the United Kingdom, and the United States. New members are expected to join in the
+ near future.</para>
+
+ <para>A system can be considered to be <emphasis>CC compliant</emphasis> if it matches
+ an evaluated and certified configuration. This implies various requirements concerning
+ hardware and software, as well as requirements concerning the operating environment,
+ users, and the ongoing operating procedures.</para>
+
+ <para>You can find further information on Common Criteria at
+ <ulink url="http://www.commoncriteria.org">http://www.commoncriteria.org</ulink>.</para>
+ </section>
+
+</chapter>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Preface.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Preface.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Preface.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,15 @@
+<?xml version='1.0'?>
+<!DOCTYPE preface PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<preface id="Common_Criteria_Guide-Preface">
+ <title>Preface</title>
+ <para>
+ </para>
+ <xi:include href="Common_Content/Conventions.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Feedback.xml" xmlns:xi="http://www.w3.org/2001/XInclude">
+ <xi:fallback xmlns:xi="http://www.w3.org/2001/XInclude">
+ <xi:include href="Common_Content/Feedback.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ </xi:fallback>
+ </xi:include>
+</preface>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/RHEL_4_RPM_List.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/RHEL_4_RPM_List.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/RHEL_4_RPM_List.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,534 @@
+<?xml version='1.0'?>
+<!DOCTYPE revhistory PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<appendix id="appe-RHEL_4_RPM_List">
+<title>RPM Listings for a Red Hat Enterprise Linux 4 installation</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ antlr-2.7.6-3jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ asm-1.5.3-1jpp.ep1.2.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ avalon-framework-4.1.5-1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ avalon-logkit-1.2-2jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bcel-5.1-1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bea-stax-1.2.0-0.rc1.2jpp_1rh.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bea-stax-api-1.2.0-0.rc1.2jpp_1rh.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ berkeleydb-2.0.90-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bsf-2.3.0-6jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bsh-1.3.0-5jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ cglib-2.1.3-2jpp.ep1.6.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ concurrent-1.3.4-7jpp.ep1.6.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ dom4j-1.6.1-2jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ dtdparser-1.21-2jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ geronimo-j2ee-1.4-apis-1.0-3jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaf-1.1.0-0jpp.ep1.12.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-javamail-1.4.0-0jpp.ep1.10.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaxb-2.1.4-1jpp.ep1.2.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaxws-2.1.1-1jpp.ep1.3.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jsf-1.2_09-0jpp.ep1.2.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jstl-1.2.0-0jpp.ep1.10.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ gnu-getopt-1.0.12-1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ gnu-trove-1.0.2-5jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-3.2.4-1.SP1_CP06.0jpp.ep1.3.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-annotations-3.2.1-5.GA_CP03.1jpp.ep1.1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-annotations-javadoc-3.2.1-5.GA_CP03.1jpp.ep1.1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-commons-annotations-0.0.0-3.1jpp.ep1.1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-entitymanager-3.2.1-2.GA_CP04.1jpp.ep1.2.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-entitymanager-javadoc-3.2.1-2.GA_CP04.1jpp.ep1.2.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-javadoc-3.2.4-1.SP1_CP06.0jpp.ep1.3.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-validator-0.0.0-2.1jpp.ep1.1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hsqldb-1.8.0.8-2.patch01.1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ icu4j-3.4.5-2jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ isorelax-0.1-0.20041111.2jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jacorb-2.3.0-1jpp.ep1.4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-beanutils-1.7.0-2jpp.ep1.5.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-codec-1.3-2jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-collections-3.1-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-dbcp-1.2.1-7jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-digester-1.7-6jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-discovery-0.4-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-fileupload-1.1.1-3jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-httpclient-3.0.1-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-logging-1.0.4-6jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-pool-1.3-2jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-transaction-1.1-3jpp.1.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-slide-webdavclient-2.1-3jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ javassist-3.8.0-1.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jaxen-1.1-1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-aop-1.5.5-3.CP03.1.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossas-4.3.0-3.GA_CP03.6.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossas-client-4.3.0-3.GA_CP03.6.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-cache-1.4.1-5.SP10.1.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-common-1.2.1-0jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-jaxr-1.2.0-SP1.0jpp.ep1.5.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-messaging-1.4.0-2.SP3_CP04.3.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-microcontainer-1.0.2-4.1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-profiler-1.0-0.1.CR5.1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-remoting-2.2.2-3.SP10.0jpp.ep1.1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-serialization-1.0.3-1jpp.ep1.3.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossweb-2.0.0-6.CP08.0jpp.ep1.1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-2.0.1-3.SP2_CP04.1.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-common-1.0.0-2.GA_CP02.1.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-framework-2.0.1-1.GA_CP02.1.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-spi-1.0.0-1.GA_CP01.1.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jcommon-1.0.12-1jpp.ep1.3.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jdom-1.0-4jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jfreechart-1.0.9-1jpp.ep1.3.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jgroups-2.4.4-2.ep1.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ joesnmp-0.3.4-1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ juddi-0.9-0.rc4.2jpp.ep1.8.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ log4j-1.2.14-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ msv-1.2-0.20050722.4jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ msv-xsdlib-1.2-0.20050722.4jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ odmg-3.0-3jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ qdox-1.6.1-1jpp.ep1.4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ quartz-1.5.2-1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ regexp-1.4-3jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ relaxngDatatype-1.0-2jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ rh-eap-docs-4.3.0-4.GA_CP03.ep1.2.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ servletapi6-6.0.10-3jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ snmptrapappender-1.2.8-5jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ tanukiwrapper-3.2.1-2jpp.ep1.1.i386.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ tomcat5-servlet-2.4-api-5.5.17-6jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ ws-commons-policy-1.0-2jpp.ep1.7.el4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ wsdl4j-1.6.2-1jpp.ep1.8.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ ws-jaxme-0.5.1-2jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ wstx-3.1.1-1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xalan-j2-2.7.0-2jpp.ep1.3.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xerces-j2-2.7.1-9jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xjavadoc-1.1-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-commons-1.3.03-7jpp.ep1.3.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-commons-jaxp-apis-1.3.03-7jpp.ep1.3.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-commons-resolver-1.1-1jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-im-exporter-1.1-2jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-security-1.3.0-1jpp.ep1.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xom-1.0-2jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xpp2-2.1.10-4jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xpp3-1.1.3.4-1.o.2jpp.ep1.1.noarch.rpm
+ </para>
+ </listitem>
+ </itemizedlist>
+</appendix>
\ No newline at end of file
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/RHEL_5_RPM_List.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/RHEL_5_RPM_List.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/RHEL_5_RPM_List.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,399 @@
+<?xml version='1.0'?>
+<!DOCTYPE revhistory PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<appendix id="appe-RHEL_5_RPM_List">
+<title>RPM Listings for a Red Hat Enterprise Linux 5 installation</title>
+ <itemizedlist>
+ <listitem>
+ <para>
+ asm-1.5.3-1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bea-stax-1.2.0-0.rc1.2jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ bea-stax-api-1.2.0-0.rc1.2jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ berkeleydb-2.0.90-1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ cglib-2.1.3-2jpp.ep1.6.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ concurrent-1.3.4-8jpp.ep1.6.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ dom4j-1.6.1-2jpp.ep1.5.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ dtdparser-1.21-2jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ geronimo-j2ee-1.4-apis-1.0-3jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaf-1.1.0-0jpp.ep1.12.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-javamail-1.4.0-0jpp.ep1.10.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaxb-2.1.4-1jpp.ep1.4.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jaxws-2.1.1-1jpp.ep1.3.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jsf-1.2_09-0jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ glassfish-jstl-1.2.0-0jpp.ep1.10.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ gnu-getopt-1.0.12-1jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ gnu-trove-1.0.2-5jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-3.2.4-1.SP1_CP06.0jpp.ep1.3.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-annotations-3.2.1-5.GA_CP03.1jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-annotations-javadoc-3.2.1-5.GA_CP03.1jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-commons-annotations-0.0.0-3.1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-ejb-persistence-3.0-api-3.2.1-1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-ejb-persistence-3.0-api-javadoc-3.2.1-1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-entitymanager-3.2.1-2.GA_CP04.1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-entitymanager-javadoc-3.2.1-2.GA_CP04.1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-javadoc-3.2.4-1.SP1_CP06.0jpp.ep1.3.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ hibernate3-validator-0.0.0-2.1jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ icu4j-3.4.5-2jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ isorelax-0.1-0.20041111.2jpp.ep1.2.el5.4.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jacorb-2.3.0-1jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-commons-transaction-1.1-3jpp.1.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jakarta-slide-webdavclient-2.1-3jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ javassist-3.8.0-1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jaxen-1.1-1jpp.ep1.4.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-aop-1.5.5-3.CP03.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossas-4.3.0-3.GA_CP03.6.2.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossas-client-4.3.0-3.GA_CP03.6.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-cache-1.4.1-5.SP10.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-common-1.2.1-0jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-jaxr-1.2.0-SP1.0jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-messaging-1.4.0-2.SP3_CP04.3.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-microcontainer-1.0.2-4.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-profiler-1.0-0.1.CR5.1jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-remoting-2.2.2-3.SP10.0jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-seam-1.2.1-3.JBPAPP_4_3_0_GA.ep1.8.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-seam-docs-1.2.1-3.JBPAPP_4_3_0_GA.ep1.8.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jboss-serialization-1.0.3-1jpp.ep1.4.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossts-4.2.3-1.SP5_CP02.1jpp.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossweb-2.0.0-6.CP08.0jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-2.0.1-3.SP2_CP04.1.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-common-1.0.0-2.GA_CP02.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-framework-2.0.1-1.GA_CP02.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossws-spi-1.0.0-1.GA_CP01.1.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jbossxb-1.0.0-2.SP3.0jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jcommon-1.0.12-1jpp.ep1.3.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jfreechart-1.0.9-1jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ jgroups-2.4.4-2.ep1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ joesnmp-0.3.4-1jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ juddi-0.9-0.rc4.2jpp.ep1.8.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ msv-1.2-0.20050722.5jpp.ep1.1.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ msv-xsdlib-1.2-0.20050722.5jpp.ep1.1.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ odmg-3.0-3jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ qdox-1.6.1-1jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ quartz-1.5.2-1jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ relaxngDatatype-1.0-2jpp.ep1.2.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ rh-eap-docs-4.3.0-4.GA_CP03.ep1.2.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ servletapi6-6.0.10-3jpp.ep1.1.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ snmptrapappender-1.2.8-5jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ tanukiwrapper-3.2.1-2jpp.ep1.1.el5.i386.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ ws-commons-policy-1.0-2jpp.ep1.5.el5.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ wsdl4j16-1.6.2-0jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ ws-jaxme-0.5.1-2jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ wstx-3.1.1-1jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-im-exporter-1.1-2jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xml-security-1.3.0-1jpp.ep1.3.el5.2.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xom-1.0-2jpp.ep1.3.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xpp2-2.1.10-4jpp.ep1.2.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ xpp3-1.1.3.4.O-2jpp.ep1.1.el5.1.noarch.rpm
+ </para>
+ </listitem>
+ </itemizedlist>
+</appendix>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Requirements_for_the_Evaluated_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Requirements_for_the_Evaluated_Configuration.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Requirements_for_the_Evaluated_Configuration.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,286 @@
+<?xml version='1.0'?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<chapter id="chap-Common_Criteria_Guide-Requirements_for_the_Evaluated_Configuration">
+ <title>Requirements for the Evaluated Configuration</title>
+ <section id="Software_Requirements">
+ <title>Software Requirements</title>
+
+ <section id="JVM-requirements">
+ <title>Java Virtual Machine</title>
+ <para>JBoss EAP is evaluated on the following Java Virtual Machines (JVMs). Only
+ these JVMs are acceptable for the deployment of JBoss EAP.</para>
+ <itemizedlist>
+ <listitem><para>Sun JRE 1.5.x &1.6.x</para></listitem>
+ <listitem><para>BEA JRockit JRE 1.5.x &1.6.x</para></listitem>
+ <listitem><para>HP-UX JRE 1.5.x &1.6.x</para></listitem>
+ <listitem><para>IBM JRE 1.5.x &1.6.x</para></listitem>
+ <!-- <listitem><para>OpenJDK 6</para></listitem> -->
+ </itemizedlist>
+ </section>
+
+ <section id="OS-requirements">
+ <title>Operating System</title>
+ <para>All of the JBoss EAP functionality in the evaluated configuration relies only
+ on the correct operation of the Java virtual machine. Thus it can operate on any
+ operating system that is supported by the respective Java virtual machine. This also
+ means that any hardware supported by the aforementioned operating systems can be used.</para>
+ </section>
+
+ <section id="database_requirements">
+ <title>Database Servers</title>
+ <para>JBoss EAP is evaluated with the following relational database systems. Only
+ these database systems are acceptable for use with JBoss EAP.</para>
+ <itemizedlist>
+ <listitem><para>Oracle 10g R2</para></listitem>
+ <listitem><para>Oracle 9i</para></listitem>
+ <listitem><para>Microsoft SQL Server 2005</para></listitem>
+ <listitem><para>MySQL v5.0</para></listitem>
+ <listitem><para>PostgreSQL v8.2</para></listitem>
+ <listitem><para>DB2 v8.2</para></listitem>
+ <listitem><para>DB2 v9.1</para></listitem>
+ </itemizedlist>
+ <para>
+ For information on how to configure each database with the JBoss Enterprise Application Platform refer to <xref linkend="configuration_requirements-database_configuration"/>.
+ </para>
+ <para>
+ The MD5 checksums for each database system is as follows:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Oracle 10g R2 version 10.2.0.2.0
+ </para>
+<screen>$ md5sum ojdbc14.jar
+8ae726d3a32c3cc3adbbe6793ade57f8 ojdbc14.jar
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/index.html">Oracle driver download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Oracle 9i
+ </para>
+<screen>$ md5sum
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://www.oracle.com/technology/software/tech/java/sqlj_jdbc/index.html">Oracle driver download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Microsoft SQL Server 2005 JDBC Driver 1.2
+ </para>
+<screen>$ md5sum jtds-1.2.jar
+8d3457be7178103ac846fcf407b6e559 jtds-1.2.jar
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://www.microsoft.com/downloads/details.aspx?FamilyId=C47053EB-3B64-4794-950D-81E1EC91C1BA&displaylang=en">Microsoft SQL Server 2005 JDBC Driver download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ MySQL version 5.0.8
+ </para>
+<screen>$ md5sum mysql-connector-java-5.0.8.zip
+569f7284761b8162a2d2ac0a9786581a mysql-connector-java-5.0.8.zip
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://dev.mysql.com/downloads/connector/j/5.0.html">MySQL Connector/J download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ PostgreSQL version 8.2-504
+ </para>
+<screen>$ md5sum postgresql-8.2-504.jdbc3.jar
+aa8fb66ad71300b635943a8f473a3261 postgresql-8.2-504.jdbc3.jar
+</screen>
+ <para>
+ Download this driver from the <ulink url="http://jdbc.postgresql.org/">PostgreSQL JDBC Driver download page</ulink>.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ DB2 version 8.2.7 and JDBC version 2.10.52
+ </para>
+<screen>$ md5sum db2jcc.jar
+1ae13ee23b595de8b282a7974e5cc25c db2jcc.jar
+</screen>
+ </listitem>
+ <listitem>
+ <para>
+ DB2 version 9.1 Fixpack 3 and JDBC version 3.1.57
+ </para>
+<screen>$ md5sum db2jcc.jar
+6b33669a5c2173e65f6bb6618e935b8d db2jcc.jar
+</screen>
+ </listitem>
+ </itemizedlist>
+ <important>
+ <para>
+ Only the exact specified versions of each database and the respective driver is certified to work with the JBoss Enterprise Application Platform 4.3.0.CP03.
+ </para>
+ </important>
+ </section>
+ </section>
+
+ <section id="physical_requirements">
+ <title>Physical Requirements</title>
+
+ <para>The hardware and software executing JBoss EAP as well as the software
+ critical to security policy enforcement will be protected from unauthorized
+ modification including unauthorized modifications by potentially hostile
+ outsiders. Reasonable physical security measures to ensure that unauthorized
+ personnel do not have physical access to the hardware running the JBoss EAP
+ software must be implemented.</para>
+ </section>
+
+ <section id="personnel_requirements">
+ <title>Personnel Requirements</title>
+
+ <para>There shall be one or more competent individuals who are assigned to manage
+ JBoss EAP, its environment and the security of the information it contains. The
+ system administrative personnel shall not be carelessly or willfully negligent,
+ or hostile, and will follow and abide by the instructions provided by the
+ administrator documentation.</para>
+
+ <para>The developer of user applications executed by JBoss EAP, including web server
+ applications and enterprise beans, shall be trustworthy and comply with all instructions
+ set forth by the user guidance and evaluated configuration guidance of the JBoss EAP.</para>
+
+ </section>
+
+ <section id="connectivity_requirements">
+ <title>Connectivity Requirements</title>
+ <para>The operating system and the Java virtual machine operate according to their specification. These external systems shall be configured in accordance with this guidance.</para>
+ <para>Any other system with which JBoss EAP communicates is assumed to be under the same management control and operate under the same security policy constraints as JBoss EAP.</para>
+ <section id="connectivity_requirements.cluster">
+ <title>
+ Cluster Connectivity Requirements
+ </title>
+ <para>
+ In case multiple instances of JBoss are joined into a cluster, it is assumed that the administrator ensures that the cluster communication network is physically separated from any other network attached to cluster nodes. In addition, the administrator has to ensure that the operating system of each cluster node is configured in a way that prevents forwarding of network traffic from any network into the separated cluster network as well as forwarding of network traffic from the cluster network to any other network.
+ </para>
+ </section>
+ </section>
+
+ <section id="configuration_requirements">
+ <title>Configuration Requirements</title>
+
+ <section id="configuration_requirements-setup_configuration">
+ <title>Setup Configuration</title>
+ <para>The following general configuration steps must be performed to ensure compliance
+ with Common Criteria requirements.</para>
+
+ <orderedlist>
+ <listitem><para>Disable Simple Network Management Protocol (SNMP) through ports 1161 and 1162.</para></listitem>
+ <listitem><para>Disable Remote Method Invocation (RMI) under the Internet Inter-ORB Protocol (IIOP).</para></listitem>
+ <listitem><para>Disable AJP from JBoss Web.</para></listitem>
+ <listitem><para>Use password hashing so plain text passwords are not stored on the server.</para></listitem>
+ <listitem><para>Disable the following ports:</para>
+ <orderedlist>
+ <listitem><para>Clustering: port 1102</para></listitem>
+ <listitem><para>SNMP: ports 1161 and 1162</para></listitem>
+ <listitem><para>JBossWeb: port 8009</para></listitem>
+ </orderedlist>
+ </listitem>
+ <listitem>
+ <para>Configure audit logging to print authentication and authorization
+ information for each thread and EJB call. This is done by making the
+ following changes to <filename>jboss-log4.xml</filename>:</para>
+ <orderedlist>
+ <listitem>
+ <para>Set the logging level of the <classname>SecurityInterceptor</classname> class
+ to <literal>TRACE</literal> by adding the following element to the root element:</para>
+ <programlisting language="xml"><category name="org.jboss.ejb.plugins.SecurityInterceptor">
+ <priority value="TRACE" />
+</category></programlisting>
+ </listitem>
+ <listitem><para>Update the ConversionPattern parameter in the appender/layout element
+ to show thread information</para>
+ <programlisting language="xml"><param name="ConversionPattern"
+ value="%d %-5r %-5p [%c] (%t:%x) %m%n" /></programlisting>
+ </listitem>
+ </orderedlist>
+ </listitem>
+ </orderedlist>
+ <note>
+ <para>
+ The SNMP, RMI and AJP services must be disabled ( mentioned previously) as they have been excluded from the evaluation scope and are not allowed in the evaluated configuration.
+ </para>
+ </note>
+ </section>
+ <section id="configuration_requirements-security_configuration">
+ <title>Security Configuration</title>
+ <para>
+ The following configuration steps must be performed to ensure security compliance
+ with Common Criteria requirements
+ </para>
+ <section id="configuration_requirements-security_configuration-JBoss_SX">
+ <title>JBoss SX</title>
+ <para>All security domains must be created in the context of java:/jaas/
+ (e.g. java:/jaas/jmx-console).</para>
+
+ <para>Custom Login Modules are not permitted; the only login modules
+ allowed are the following:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>org.jboss.security.auth.spi.UsersRolesLoginModule</para>
+ </listitem>
+ <listitem>
+ <para>org.jboss.security.auth.spi.LdapLoginModule</para>
+ </listitem>
+ <listitem>
+ <para>org.jboss.security.auth.spi.DatabaseServerLoginModule</para>
+ </listitem>
+ <listitem>
+ <para>org.jboss.security.auth.spi.BaseCertLoginModule</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>This restriction on login modules is also applicable to the
+ DynamicLoginConfig service.</para>
+
+ <para>Only the following security managers are allowed to be configured
+ and used for authentication purposes: </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>org.jboss.security.plugins.JaasSecurityManager </para>
+ </listitem>
+ <listitem>
+ <para>org.jboss.security.plugins.JaasSecurityDomain </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Other modules, such as SRP module are not allowed.</para>
+ </section>
+
+ <section id="configuration_requirements-security_configuration-JBoss_Web">
+ <title>JBoss Web</title>
+ <para>The JAAS based authentication and authorization realm implementation
+ (<parameter>org.jboss.web.tomcat.security.JBossSecurityMgrRealm</parameter>)
+ cannot be replaced. The same is true for the authenticator classes defined
+ for each authentication method (BASIC, CLIENT-CERT, DIGEST, FORM, NONE) in
+ <filename>/EnterprisePlatform-4.3.0.GA_CP03/jboss-as/server/production/deploy/jboss-web.deployer/META-INF/jboss-service.xml</filename>. </para>
+
+ <para>Additionally, the <parameter>AllRolesMode</parameter> within <filename>/EnterprisePlatform-4.3.0.GA_CP03/jboss-as/server/production/deploy/jboss-web.deployer/server.xml</filename> must be set to <literal>strict</literal>.
+ This requires the authenticated user to be assigned to one of the
+ <filename>web-app/security-role/role-name</filename> in order to be authorized.</para>
+ </section>
+ </section>
+ <section id="configuration_requirements-database_configuration">
+ <title>Database Configuration</title>
+ <para>
+ The default database HSQL that the Enterprise Application Platform ships with is disabled from the outset. For information on how to configure other supported databases refer to <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#alternative_DBs"></ulink>.
+ </para>
+ </section>
+ </section>
+
+
+</chapter>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Revision_History.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Revision_History.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Revision_History.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,72 @@
+<?xml version='1.0'?>
+<!DOCTYPE revhistory PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+<appendix id="appe-Publican-Revision_History">
+ <title>Revision History</title>
+ <simpara>
+ <revhistory>
+ <revision>
+ <revnumber>1.0</revnumber>
+ <date>November 07th 2008</date>
+ <author>
+ <firstname>Isaac</firstname>
+ <surname>Rooskov</surname>
+ <email>irooskov at redhat.com</email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>The guide has been updated with information in secitons 2.2, 3.2, 4.2, 5.3 and the removal of JNDI from 5.4</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ </revhistory>
+ </simpara>
+</appendix>
+<!--
+<revhistory>
+ <revision>
+ <revnumber>0.8</revnumber>
+ <date>July 25th</date>
+ <author>
+ <firstname></firstname>
+ <surname></surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>In section 2, the possible EAL levels are 1-7, not "EAL0 - EAL7."
+Also in section 2, this evaluation is for EAL2 augmented with ALC_FLR.3, not "ALC_FLR.1." </member>
+ </simplelist>
+ </revdescription>
+ </revision>
+
+ <revision>
+ <revnumber>0.8</revnumber>
+ <date>July 25th</date>
+ <author>
+ <firstname></firstname>
+ <surname></surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Replaced JDK with JRE, and Azul with IBM</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>0.8</revnumber>
+ <date>July 25th</date>
+ <author>
+ <firstname></firstname>
+ <surname></surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Replaced JDK with JRE, and Azul with IBM</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+</revhistory>
+-->
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Security_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Security_Configuration.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Security_Configuration.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,99 @@
+<?xml version='1.0'?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<chapter id="Common_Criteria_Guide-Security_Configuration">
+ <title>Launching the JBoss EAP Server</title>
+
+ <para>JBoss EAP includes startup scripts for both Linux/Unix platforms & Microsoft
+ Windows as well a configuration file , <filename>run.conf</filename>, which determines
+ the startup environment of the server. </para>
+
+ <para>The evaluated configuration of JBoss EAP has been certified both with and without
+ the use of the Java Security Manger. If you use the Java Security Manager, you must
+ also use the specific policy which is supplied with the product. Operating JBoss EAP
+ using the Java Security Manager and a modified or completely different policy is not
+ considered to be a certified configuration.</para>
+
+ <para>This allows two modes of operation which affect how JBoss EAP can protect
+ itself against the behavior of applications. These modes are discussed fully below.
+ As the administrator of your JBoss EAP server, you must decide which mode of
+ operation is most appropriate.</para>
+
+ <section id="starting_EAP">
+ <title>Starting the JBoss EAP Server</title>
+ <para>To start the server with the <firstterm>production</firstterm>
+ configuration simply use the supplied start up script.</para>
+
+ <example><title>Starting the JBoss EAP server on Unix or Linux</title>
+ <screen>$ cd $JBOSS_HOME/bin
+$ ./run.sh -c production</screen></example>
+
+ <example><title>Starting the JBoss EAP server on Windows</title>
+ <screen>cd %JBOSS_HOME%/bin
+$ run.bat -c production</screen></example>
+
+ <para>JBoss EAP's default behavior is to run without the use of the Java Security
+ Manager. This means that any application deployed on JBoss EAP will be running in
+ the same namespace as JBoss EAP itself. In this environment it is possible that an
+ application deployed on JBoss EAP may interfere with the execution of JBoss EAP
+ itself either accidentally or intentionally.</para>
+
+ <para>If you choose to run without using the Java Security Manger & supplied
+ policy then you are responsible for performing your own risk analysis to ensure
+ that deployed applications do not contain bugs that may be abused by users of
+ the application to circumvent the security functionality of JBoss EAP.</para>
+
+ <para>It is only recommended to run in this mode if your deployed applications
+ require more permissions that the included security policy allows.</para>
+ </section>
+
+ <section id="enabling_JSM">
+ <title>Enabling the Java Security Manager</title>
+
+ <para>By enabling the Java Security Manager with the included policy file
+ (<filename>security_cc.policy</filename>) JBoss EAP is protected from any
+ application deployed on it accidentally or intentionally interfering with
+ its operation.</para>
+
+ <para>This policy limits the granting of full permissions to those jar files
+ included with the evaluated configuration. All other deployed jar files are
+ limited to read-only file-system access, adding queue print items &
+ connecting to sockets.</para>
+
+<para>You must edit the file <filename>run.conf</filename> located in the Enterprise Platform home directory at <filename>/jboss-as/server/production/</filename> and uncomment the
+ lines indicated below to enable the Java Security Manager. Once those items are
+ uncommented from <filename>run.conf</filename>, simply start the server using the
+ supplied startup script (<filename>run.sh</filename> or <filename>run.bat</filename>)
+ as normal.</para>
+<important>
+ <para>
+ run.conf is part of the production configuration of the EAP. Only the production configuration is allowed in the Common Criteria Configuration.
+ </para>
+</important>
+
+ <example><title><filename>run.conf</filename> with Java Security Manager enabled</title>
+ <screen># Uncomment the following to run with Common Criteria configuration
+## Specify the Security Manager Policy
+POLICY="security_cc.policy"
+#
+## Specify the Security Manager options
+JAVA_OPTS="$JAVA_OPTS -Djava.security.manager -Djava.security.policy=$POLICY"
+echo "================================================================="
+echo " "
+echo " Common Criteria Configuration (Security Manager Enabled)"
+echo " "
+echo "================================================================="
+## End of Common Criteria configuration </screen></example>
+
+<formalpara>
+ <title>Policy file configuration</title>
+ <para>
+ Users and administrators are free to add their own permission blocks to the policy file, however the permissions that are shipped with the JBoss Enterprise Application Platform cannot change; doing so will invalidate the certification. Indeed any modifications of the security policy except what has been specified within this guide, will invalidate the certification configuration.
+ </para>
+</formalpara>
+
+ </section>
+
+</chapter>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Security_Features.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Security_Features.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Security_Features.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,404 @@
+<?xml version='1.0'?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<chapter id="chap-Security_feature_overview">
+ <title>Overview of the Security Functions</title>
+ <para>The following sections describe the JBoss security functions included
+ in the product evaluation.</para>
+
+ <section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Access_Control">
+ <title>Access Control</title>
+ <para>JBoss Enterprise Application Platform has access control mechanisms
+ to restrict access for the following request types:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>HTTP</term>
+ <listitem>
+ <para>URLs and paths provided with URLs can be protected from
+ access by subjects.</para>
+ <para>
+ In order to disable the HTTP service, remove the <filename>httpha-invoker.sar</filename> folder from the production server deploy directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>EJB</term>
+ <listitem>
+ <para>EJBs and associated method names can be protected from
+ invocation by subjects.</para>
+ <para>
+ In order to disable the EJB service, remove the <filename>ejb3.deployer</filename> folder from the production server deploy directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>JMS</term>
+ <listitem>
+ <para>Message queue destinations and topic destinations can be
+ protected from access by subjects.</para>
+
+ <para>
+ In order to disable the JMS service, remove the <filename>jboss-messaging.sar</filename> folder from the production server deploy directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Web Services</term>
+ <listitem>
+ <para>Plain Old Java Objects (POJOs) deployed as Servlets and
+ Session Beans can be protected from access by subjects.</para>
+ <para>
+ In order to disable Web Services, remove the <filename>jboss-web.deployer</filename> folder from the production server deploy directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>JMX</term>
+ <listitem>
+ <para>The JMX invokers can be protected by validating the role
+ of the authenticated user.</para>
+ <para>
+ IIn order to disable the JMS service, remove the <filename>jmx-console.war</filename> folder from the production server deploy directory.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+
+ Removal and deployment can be conducted while the server is running. In order to remove any of the mentioned services from opperation, delete the relevant folder for each from the production deploy directory located at <filename>/EnterprisePlatform-4.3.0.GA_CP03/jboss-as/server/production/deploy/</filename>. Contrast to this, to start a service move the folder for the service into the depoy directory. For more information refer to the <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Deployment">Deployment chapter</ulink> of the Server Configuration Guide.
+ </para>
+ </section>
+
+ <section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Audit">
+ <title>Audit</title>
+ <para>JBoss Enterprise Application Platform can generate audit records for access control events.
+ Attempts to access to web resources, invocation of EJB methods, unauthorized message destinations,
+ and regular Web Service related access control can all be logged. As the administrator you can select
+ the level of events to audit.</para>
+
+ <para>The JBoss Application server generates log events at start-up time and when it is shutdown:</para>
+ <example><title>JBoss EAP start up log events</title>
+<screen>00:30:18,876 INFO [Server] Starting JBoss (MX MicroKernel)...
+00:30:18,876 INFO [Server] Release ID: JBoss [EAP] 4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211657)
+00:30:18,877 DEBUG [Server] Using config: org.jboss.system.server.ServerConfigImpl at 46ae506e
+00:30:18,877 DEBUG [Server] Server type: class org.jboss.system.server.ServerImpl
+00:30:18,877 DEBUG [Server] Server loaded through: org.jboss.system.server.NoAnnotationURLClassLoader
+00:30:18,877 DEBUG [Server] Boot URLs: </screen></example>
+
+ <example><title>JBoss EAP shutdown log events</title>
+<screen>2008-06-12 00:32:16,460 DEBUG [org.jboss.deployment.MainDeployer] Destroying jboss.system:service=MainDeployer
+2008-06-12 00:32:16,460 DEBUG [org.jboss.deployment.MainDeployer] Destroyed jboss.system:service=MainDeployer
+2008-06-12 00:32:16,460 DEBUG [org.jboss.system.ServiceController] removing service: jboss.system:service=MainDeployer
+2008-06-12 00:32:16,460 DEBUG [org.jboss.system.ServiceController] removing jboss.system:service=MainDeployer from server
+2008-06-12 00:32:16,460 DEBUG [org.jboss.system.ServiceController] Stopped 3 services
+2008-06-12 00:32:16,460 DEBUG [org.jboss.system.server.Server] Deleting server tmp/deploy directory
+2008-06-12 00:32:16,463 INFO [org.jboss.system.server.Server] Shutdown complete</screen></example>
+
+ <para>The audit facility is based on the integrated <package>log4j</package>
+ mechanism. <package>Log4j</package> has three main components: loggers,
+ appenders and layouts. These three types of components work together to
+ enable developers to log messages according to message type and level,
+ and to control at run-time how these messages are formatted and where
+ they are reported.</para>
+
+ <para>The audit information is recorded in text files which can be reviewed
+ using tools from the underlying operating system, such as pagers or editors.</para>
+
+
+ <para>User information (principal name) appears <emphasis>only</emphasis>
+ in the first log that records the authentication request, and also in the
+ ERROR log generated if the authentication is unsuccessful. Subsequent log
+ events do not record explicitly the user executing the methods. </para>
+
+ <para>User information can be obtained by using the container and thread
+ ids that are recorded in each audit log and remain during the life of the
+ user session.</para>
+
+ <para>In the example below (<xref linkend="log_output_example"/>) the first log entry informs that authentication for container 753,
+ thread id 826541 has been requested by principal name “scott”. The second
+ log records the execution of a method, and, although the principal name
+ does not appear, it can be inferred by looking all logs with the same
+ container and thread id.</para>
+
+
+ <example id="log_output_example"><title>Log output</title>
+ <screen>2008-07-17 16:04:33,753 826541 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#0[127.0.0.1:33182]:) Authenticated principal=scott
+2008-07-17 16:04:33,753 826541 TRACE [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#0[127.0.0.1:33182]:) method=public abstract org.jboss.test.jca.securedejb.CallerIdentity org.jboss.test.jca.securedejb.CallerIdentityHome.create() throws javax.ejb.CreateException,java.rmi.RemoteException, interface=HOME, requiredRoles=[CallerIdentityUser]</screen></example>
+
+
+ <section id="additional_auditing_options">
+ <title>Enabling Additional Logging</title>
+
+ <para>
+ Additional logging for EJB application requests has been configured during the setup process of this guide when audit logging was configured. For more information see <xref linkend="configuration_requirements-setup_configuration"/>
+ </para>
+ <!--
+ <para>If you need additional logging for EJB application requests,
+ uncomment the following category in <filename>conf/jboss-log4j.xml</filename>.</para>
+
+ <figure><title>Enabling additional logging for EJBs</title>
+<programlisting language="xml"><category name="org.jboss.ejb.plugins.SecurityInterceptor">
+ <priority value="TRACE"/>
+ </category></programlisting>
+ </figure>
+-->
+ <para>If you need additional logging for web-based requests, uncomment
+ the <literal>AccessLogValve</literal> in
+ <filename>deploy/jboss-web.deployer/server.xml</filename>. The access
+ log will be available in the <filename>log</filename> directory of the
+ server configuration.</para>
+
+ <figure><title>Enabling additional logging for web-based requests</title>
+<programlisting language="xml"><Valve className="org.apache.catalina.valves.AccessLogValve"
+ prefix="localhost_access_log." suffix=".log"
+ pattern="common" directory="${jboss.server.home.dir}/log"
+ resolveHosts="false" /></programlisting></figure>
+
+
+ </section>
+ </section>
+
+ <section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Clustering">
+ <title>Clustering</title>
+ <para>A cluster is a group of linked systems (nodes) working closely together
+ to increase efficiency. Clustering enables the execution of applications on
+ several parallel servers. In a JBoss EAP cluster each node is a JBoss server
+ instance. Several JBoss server instances are grouped together to form a
+ cluster, also known as a "partition".</para>
+
+ <para>JBoss EAP implements two different cluster configurations: a failover
+ cluster and a load-distribution cluster.</para>
+
+ <para>In a failover cluster scenario a single node services requests from
+ clients. In the event that the node fails another node in the cluster
+ continues to service requests.</para>
+
+ <para>In a load-distribution cluster scenario multiple nodes service requests
+ from clients. In this way a single address is serviced with the power of
+ multiple systems.</para>
+
+ <para>In both cases, the server state is distributed across different servers.
+ If any of the servers fails the application is still accessible via other
+ non-failed cluster nodes.</para>
+
+ <para>Communication between the different cluster nodes ensures the data
+ consistency of the following information:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>Applications - an application deployed on one node is
+ replicated to the other nodes of the cluster (farming deployment)</para>
+ </listitem>
+ <listitem>
+ <para>State of HTTP sessions, EJB 3.0 session beans, EJB 3.0 entity
+ beans, as well as Hibernate persistence objects (distributed state
+ replication service using JBoss Cache)</para>
+ </listitem>
+ <listitem>
+ <para>State of HTTP sessions and EJB 2.x session beans (distributed
+ state replication service using HASessionState MBean)</para>
+ </listitem>
+ <listitem>
+ <para>JNDI state (JBoss HA-JNDI)</para>
+ </listitem>
+ <listitem>
+ <para>JMS queues</para>
+ </listitem>
+ </itemizedlist>
+ </section>
+
+ <section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Identification_and_Authentication">
+ <title>Identification and Authentication</title>
+ <para>Each user is assigned a unique user identifier. Access control
+ decisions and auditing use this identifier. JBoss EAP authenticates
+ the user's claimed identity before allowing the user to perform any
+ actions. After successful authentication JBoss EAP associates the
+ identifier with the thread spawned for the user.</para>
+
+ <para>JBoss EAP provides different identification and authentication
+ mechanisms for various request types.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>HTTP and Web Services</term>
+ <listitem>
+ <para>HTTP-basic authentication, HTTP-digest authentication,
+ form-based authentication, client certificate based
+ authentication.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>EJB</term>
+ <listitem>
+ <para>username and password based authentication, client
+ certificate based authentication.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>JMS</term>
+ <listitem>
+ <para>username and password based authentication.</para>
+ </listitem>
+ </varlistentry>
+ <!-- <varlistentry>
+ <term>JNDI</term>
+ <listitem>
+ <para>username and password based authentication.</para>
+ </listitem>
+ </varlistentry> -->
+ </variablelist>
+
+ <para>JBoss EAP uses JBoss SX framework to implement identification and
+ authentication. The JBossSX framework utilizes the Java Authentication
+ and Authorization Service (JAAS) provided by the Java Virtual Machine.
+ The authentication capabilities of JAAS are used to implement the
+ declarative role-based J2EE security model.</para>
+
+ <para>The following authentication back-ends are configurable with the
+ JAAS modules.</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>File-based storage</para>
+ </listitem>
+ <listitem>
+ <para>BaseCertLoginModule</para>
+ </listitem>
+ <listitem>
+ <para>LDAP</para>
+ </listitem>
+ <listitem>
+ <para>Databases accessible through JDBC</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Password quality can be enforced with configuration options for
+ the JAAS modules provided by JBoss EAP.</para>
+
+ <para>
+ For information on how to configure the JAAS modules, refer to the <ulink url="http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp03/html-single/Server_Configuration_Guide/index.html#Defining_Security_Domains-Using_JBoss_Login_Modules">Using JBoss Login Modules</ulink> section of the Server Configuration Guide.
+ </para>
+
+ <section id="Common_Criteria_Guide-authentication-User_Credentials_in_RMI">
+ <title>Developer Advice for User Credentials in Remote Method Invocation (RMI)</title>
+ <para>In Remote Method Invocation credentials are transmitted from
+ client to server. These credentials populate the security context
+ in the method invocation object. This is done through the
+ <methodname>setPrincipal</methodname> and
+ <methodname>setCredential</methodname> methods.</para>
+
+ <example><title>Setting Principal and Credential</title>
+ <programlisting language="java">MethodInvocation mi = new MethodInvocation();
+ mi.setPrincipal(new SimplePrincipal("myusername"));
+ mi.setCredential("mypassword");</programlisting></example>
+
+ <para>These additional payloads can be retrieved at the server side
+ using similar methods on the invocation object.</para>
+
+ <example><title>Retreiving Principal and Credential</title>
+ <programlisting language="java">Principal p = mi.getPrincipal();
+Object cred = mi.getCredential();
+// Now do authentication (and then authorization)</programlisting></example>
+
+ </section>
+
+ </section>
+
+ <section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Transaction_Rollback">
+ <title>Transaction Rollback</title>
+ <para>JBoss EAP supports the aggregation of operations into transactions,
+ which can be applied and rolled back consistently.</para>
+
+ <para>A transaction is a unit of work containing one or more operations
+ involving one or more shared resources having ACID properties. ACID is
+ an acronym for atomicity, consistency, isolation and durability - the
+ four important properties of transactions.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>Atomicity</term>
+ <listitem>
+ <para>A transaction must be atomic. This means that either all
+ the work done in the transaction must be performed, or none of
+ it must be performed. Doing only part of a transaction is not
+ allowed.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Consistency</term>
+ <listitem>
+ <para>When a transaction is completed, the system must be in a
+ stable and consistent condition.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Isolation</term>
+ <listitem>
+ <para>Different transactions must be isolated from each other.
+ This means that the partial work done in one transaction is not
+ visible to other transactions until the transaction is committed,
+ and that each process in a multi-user system can be programmed as
+ if it was the only process accessing the system.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Durability</term>
+ <listitem>
+ <para>The changes made during a transaction are made persistent
+ when it is committed. When a transaction is committed, its changes
+ will not be lost, even if the server crashes afterward.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>The default transaction manager for JBoss EAP is JBoss Transactions,
+ a fast in-VM transaction manager implementation.</para>
+
+ <para>Traditionally ACID transaction systems have shared three
+ characteristics:</para>
+
+ <orderedlist>
+ <listitem>
+ <para>Transactions are short lived</para>
+ </listitem>
+ <listitem>
+ <para>Resources (such as databases) are locked for the duration
+ of the transaction</para>
+ </listitem>
+ <listitem>
+ <para>Participants have a high degree of trust with each other.</para>
+ </listitem>
+ </orderedlist>
+
+ <para>The advent of the Internet and Web services has given rise to
+ distributed transactions between participants unknown to each other.
+ JBoss Transactions adds native support for Web services transactions
+ by providing the components necessary to build interoperable,
+ reliable, multi-party, Web services-based applications with minimum
+ effort. The programming interfaces are based on the Java API for XML
+ Transactions (JAXTX) and include protocol support for the
+ WS-AtomicTransaction and WS-BusinessActivity specifications. JBoss is
+ designed to support multiple coordination protocols.</para>
+
+ <para>JBoss supports both local and distributed transactions. A transaction
+ is considered to be distributed if it spans multiple process instances,
+ i.e. virtual machines (VMs). Typically a distributed transaction will contain
+ participant that are located within multiple VMs but the transaction is
+ coordinated in a separate VM (or co-located with one of the participants).
+ If the deployment requires distributed transactions then the Web Services
+ transactions component can be utilized, which uses SOAP/HTTP.</para>
+ </section>
+
+ <section id="sect-Common_Criteria_Guide-Overview_of_the_Security_Functions-Securing_MBean_Invokers">
+ <title>Securing MBean Invokers</title>
+ <para>
+ The <filename>http-invoker.sar</filename> found in the deploy directory is a service that provides RMI/HTTP access for EJBs and the JNDI Naming service. This includes a servlet that processes posts of <classname>marshaled org.jboss.invocation.Invocation</classname> objects that represent invocations that should be dispatched onto the MBeanServer. Effectively this allows access to MBeans that support the detached invoker operation via HTTP when sending appropriately formatted HTTP posts. This servlet has to be protected against the use by unprivileged users. To secure this access point you would need to secure the JMXInvokerServlet servlet found in the <filename>http-invoker.sar/invoker.war/WEB-INF/web.xml</filename> descriptor.
+ </para>
+ <para>
+ The <filename>jmx-invoker-adaptor-server.sar</filename> is a service that exposes the JMX MBeanServer interface via an RMI compatible interface using the RMI/JRMP detached invoker service. This interface has to be made unavailable to unprivileged users which can be done by using the <classname>org.jboss.jmx.connector.invoker.AuthenticationInterceptor</classname> interceptor for performing identification and authentication using JAAS. Additionally, access control has to be configured using the interceptors of either <classname>org.jboss.jmx.connector.invoker.RolesAuthorization</classname> or <classname>org.jboss.jmx.connector.invoker.ExternalizableRolesAuthorization</classname>.
+ </para>
+ </section>
+</chapter>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/System_Configuration.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/System_Configuration.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/System_Configuration.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,109 @@
+<?xml version='1.0'?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<chapter id="chap-Common_Criteria_Guide-System_Configuration">
+ <title>System Configuration</title>
+ <section id="sect-Common_Criteria_Guide-System_Configuration-General">
+ <title>General</title>
+ <para>
+ The following general configuration steps must be performed to configure the platform:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Disable SNMP
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Disable RMI under IIOP.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Disable AJP from JBoss Web
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ In order to avoid plain text passwords from being stored on the server side, you should
+ use password hashing. <!--as documented in [JBSCG] section 5.3.2 “Password Hashing”-->
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Disable the following ports:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Clustering: port 1102
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ SNMP: ports 1161 and 1162
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ JBossWeb: port 8009
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ <listitem>
+ <para>
+ Authenticator classes defined for each authentication method (BASIC, CLIENT-CERT, DIGEST,
+ FORM, NONE) cannot be modified.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ If you are using the Java Security Manager to protect the JBoss server from insecure
+ applications, you must use the provided security policy, modified to give permissions to
+ your applications. See <xref linkend="Common_Criteria_Guide-Security_Configuration"/> for
+ more details.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Configure audit logging to print authentication and authorization information for each thread
+ and EJB call. Edit the <filename>jboss-log4.xml</filename> file and make the following changes:
+ </para>
+
+ <itemizedlist>
+ <listitem>
+ <para>
+ Set the logging level of the <classname>SecurityInterceptor</classname> class to <literal>TRACE</literal>,
+ adding the following element to the root element:
+ </para>
+
+ <programlisting><category name="org.jboss.ejb.plugins.SecurityInterceptor">
+ <priority value="TRACE"/>
+</category></programlisting>
+ </listitem>
+
+ <listitem>
+ <para>
+ Modify the logging pattern to show thread information, changing the <literal>ConversionPattern</literal>
+ parameter in the appender/layout element as follows:
+ </para>
+
+ <programlisting><param name="ConversionPattern" value="%d %-5r %-5p [%c] (%t:%x) %m%n"/></programlisting>
+
+ <para>
+ See <xref linkend="sect-Common_Criteria_Guide-Additional_Guidance_Documentation-Audit_Logging" /> for more information on Audit logging.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+ </itemizedlist>
+
+ </section>
+
+</chapter>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/System_Installation.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/System_Installation.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/System_Installation.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,274 @@
+<?xml version='1.0'?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<chapter id="chap-Common_Criteria_Guide-System_Installation">
+ <title>Downloading and Verifying the Packages</title>
+ <para>JBoss EAP is delivered on line through the Red Hat JBoss Customer Support Portal (CSP) at
+ <ulink url="https://support.redhat.com/jbossnetwork/restricted/main.html">https://support.redhat.com/jbossnetwork/restricted/main.html</ulink> and through the Red Hat Network (RHN) at the following address: <ulink url="https://rhn.redhat.com">https://rhn.redhat.com</ulink>. The EAP is avaliable as ZIP files from the CSP and as ZIP and RPM files from the RHN.
+ </para>
+
+ <para>To ensure the authenticity of the downloaded software you need to verify
+ the authenticity of the files and their source.</para>
+
+ <section id="verify_authenticity_of_site">
+ <title>Verify the Authenticity of the Download Site.</title>
+
+ <para>Red Hat JBoss Customer Support Portal and Red Hat Network are secure sites. This is
+ indicated by the 'lock' icon in the browser status bar. The lock may also present itself in the address bar depending on what browser you are using.</para>
+
+ <important>
+ <para>The following images have been taken with the Firefox3 and Firefox2 web browsers. While most
+ popular web-browsers display this information in a very similar manner it may
+ differ slightly to these images.</para>
+ </important>
+
+ <figure><title>Secure site 'lock' icon displayed in the Firefox3 status bar.</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/ssl_statusbar.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <figure><title>Secure site 'lock' icon displayed in the Firefox2 address bar.</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/ssl_addressbar.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ If these items are not visible you may wish to check the authenticity of the site by viewing the identiy certificate. To give an example of how this can be done, we will use the Firefox web browser.
+ </para>
+ <para>
+ Within the Firefox browser, go to Tools in the top menu bar and then click on Page Info. From here click the Security icon and then the <guibutton>View Certificate</guibutton> button.
+ </para>
+ <para>
+ The certificate will display details such as who the owner of the page is, who issued the certificate, when it was issued and when it expires as well as SHA1 and MD5 fingerprint verification strings. An example of the certificate for <ulink url="https://rhn.redhat.com">https://rhn.redhat.com</ulink> follows.
+ </para>
+
+ <figure><title>The RHN certification certificate</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/rhn_certificate.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ If neither of the lock icons are present in your browser and a verified certificate cannot be found, this may mean that you are not at the correct site. If you are unable to reach the secure Red Hat JBoss Customer Support Portal or Red Hat Network sites you should contact Red Hat Support and report this problem.
+ </para>
+
+<!-- <para>When the 'lock' icon is clicked a dialog window will be displayed with the details
+ of the site certificate. If this dialog does not specify that the web sites identity is
+ verified then you are not at the correct site.</para>
+
+ <figure><title>Firefox Security dialog displaying verification for support.redhat.com.</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/certificate.png" /></imageobject>
+ </mediaobject>
+ </figure>
+-->
+ </section>
+
+ <section id="verify_downloaded_files_Customer_Support_Site">
+ <title>Verifying the Downloaded Files from the Red Hat JBoss Customer Support Portal</title>
+ <para>The JBoss EAP evaluated configuration is found for download on the
+ Customer support site by browsing to <guimenuitem>JBoss Enterprise Middleware</guimenuitem>,
+ <guimenuitem>Application Platform</guimenuitem>, <guimenuitem>Certified downloads</guimenuitem>.</para>
+
+ <figure><title>Software downloads page showing available JBoss EAP files</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/software_downloads.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>The packages can be downloaded using either the download link on that page,
+ or by using the download link on the software details page for that package. The
+ software details page is reached by clicking on the package name rather than the
+ download link.</para>
+
+ <para>The software details page for each package also contains the MD5 and SHA-256
+ checksum values for that package. These values are used to verify the integrity
+ of your downloaded files.</para>
+
+<figure><title>MD5 & SHA-256 information displayed for a download at the Red Hat JBoss Customer Support Portal</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/lookup_MD5_value.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>You can use either the <command>md5sum</command> or <command>sha256sum</command> utilities as detailed below to calculate
+ the checksum values of the files to compare to the supplied values on the website.</para>
+
+ <note>
+ <para>The command line examples given are accurate for most Linux and
+ Unix operating systems. Mac OS X includes the equivalent command
+ <command>md5</command>.</para>
+
+ <para>If you are using Microsoft Windows you will have to download a
+ third party utility to perform these steps as it does not include a
+ MD5SUM or SHA256SUM tool.</para>
+ </note>
+
+ <para>The values that are generated by these tools should be the same as those
+ on the Software Details page. If it is not then your download is either incomplete
+ or corrupted. You will need to download it again. </para>
+
+ <warning>
+ <para>If after several attempts you are unable to download a copy of the file that
+ produces a valid checksum values you should open a support case to report the
+ problem. </para>
+ </warning>
+
+
+ <section id="verify_downloaded_files_MD5">
+ <title>Verifying the Downloaded Files</title>
+ <para>After you have downloaded the file, run the <command>md5sum</command> command-line utility and specify
+ the file you downloaded as the first argument. </para>
+
+ <example><title>Using the md5sum tool on Linux or Unix</title>
+<screen>$ md5sum jboss-eap-4.3.0.GA_CP03.zip
+3f750b0bd3ec997658a7368cb46e912a jboss-eap-4.3.0.GA_CP03.zip </screen>
+ </example>
+
+ </section>
+
+ <section id="verify_downloaded_files_SHA256">
+ <title>Verifying the Downloaded Files</title>
+ <para>After you have downloaded the file, run the <command>sha256sum</command> command-line utility and specify
+ the file you downloaded as the first argument. </para>
+
+ <example><title>Using the sha256sum tool</title>
+<screen>$ sha256sum jboss-eap-4.3.0.GA_CP03.zip
+24f88354add8adc7f6f2807705cc36ed4fc4242c5375414962cbfca77cf19640 jboss-eap-4.3.0.GA_CP03.zip </screen>
+ </example>
+
+ </section>
+
+
+
+ </section>
+
+ <section id="verify_downloaded_files_RHN">
+ <title>Verifying the Downloaded Files from the Red Hat Network</title>
+ <para>The JBoss EAP evaluated configuration is found for download on the Red Hat Network by first logging into RHN and then locating and selecting the download. This section will detail the steps necesssary to download the EAP from RHN and then the verification of the download.</para>
+
+ <para>
+ Firstly you will have to login to the Red Hat Network with your Red Hat login and password. If you have lost these details, click on the <guilabel>Lost login/Password?</guilabel> link and follow the prompts.
+ </para>
+
+ <figure><title>RHN login page</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/RHN_Login.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ To find the JBoss EAP download, begin by clicking on the <guimenuitem>Channels</guimenuitem> menu item at the top of the page.
+ </para>
+
+ <figure><title>RHN Channels Tab</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/RHN_Channels.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ From the dropdown menu system, select the JBoss Application Platform, version 4.3.0 (as it is the certified version) followed by the architecture of your system and then click on the <guibutton>Filter</guibutton> button.
+ </para>
+ <para>
+ The following image is an example filter search and displays all versions of the EAP that are avaliable. For the certified version select <productname>JBoss Enterprise Application Platform 4.3.0</productname>.
+ </para>
+
+ <figure><title>Searching for the JBoss Enterprise Application Platform</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/RHN_select_version.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ From the filtered list that is returned and after selecting the appropriate version of the JBoss EAP for your system, another page will be displayed which outlines the details of the download.
+ </para>
+
+ <figure><title>JBoss EAP download details</title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/RHN_EAP_details.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ Under the JBoss Application Platform title is a list of tabs. Curently the <guimenuitem>Details</guimenuitem> tab is selected. By clicking on the last tab called <guimenuitem>Downloads</guimenuitem>, a list of all the downloads which form the JBoss EAP will be displayed.
+ </para>
+
+ <figure><title>JBoss EAP download file list </title>
+ <mediaobject>
+ <imageobject><imagedata fileref="images/RHN_download.png" /></imageobject>
+ </mediaobject>
+ </figure>
+
+ <para>
+ The packages listed above can be explained as follows:
+ </para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ <filename>enterprise-installer-4.3.0.GA_CP03.jar</filename>: The graphical installer for EAP 4.3.0.CP03.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <filename>jboss-eap-4.3.0.GA_CP03.zip</filename>: The software files that make up the EAP 4.3.0.CP03 installation.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <filename>jboss-eap-docs-4.3.0.GA_CP03.zip</filename>: The documentation for EAP 4.3.0.CP03.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <filename>jboss-eap-src-4.3.0.GA_CP03.zip</filename>: The graphical installer for EAP 4.3.0.CP03.
+ </para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The software details page also contains the MD5 checksum values for each package. These values are used to verify the integrity of your downloaded files.</para>
+
+ <para>You can use the <command>md5sum</command> utility as detailed below to calculate
+ the checksum values of the files to compare to the supplied values on the website.</para>
+
+ <note>
+ <para>The command line examples given are accurate for most Linux and
+ Unix operating systems. Mac OS X includes the equivalent command
+ <command>md5</command>.</para>
+
+ <para>If you are using Microsoft Windows you will have to download a
+ third party utility to perform these steps as it does not include a
+ MD5SUM tool.</para>
+ </note>
+
+ <para>The values that are generated by the MD5SUM tool should be the same as the value
+ on the Downloads page. If it is not then your download is either incomplete
+ or corrupted. You will need to download it again. </para>
+
+ <warning>
+ <para>If after several attempts you are unable to download a copy of the file that
+ produces a valid checksum values you should open a support case to report the
+ problem. </para>
+ </warning>
+
+
+ <section id="verify_RHN_downloaded_files_MD5">
+ <title>Verifying the Downloaded Files</title>
+ <para>After you have downloaded the file, run the <command>md5sum</command> command-line utility and specify
+ the file you downloaded as the first argument. </para>
+
+ <example><title>Using the md5sum tool on Linux or Unix</title>
+<screen>
+$ md5sum jboss-eap-4.3.0.GA_CP03.zip
+b6fd40c285f0243133dd29789f6a08a0 jboss-eap-4.3.0.GA_CP03.zip
+</screen>
+ </example>
+
+ </section>
+</section>
+
+</chapter>
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Tested_Security_Policy.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Tested_Security_Policy.xml (rev 0)
+++ projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/Tested_Security_Policy.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -0,0 +1,77 @@
+<?xml version='1.0'?>
+<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+]>
+
+<appendix id="Common_Criteria_Guide-Tested_Security_Policy">
+
+ <title>Tested Security Policy</title>
+
+ <para>
+ Below is the security policy that was used during the certification evaluation and testing. It does (fill in here with a description of what it does).
+ </para>
+
+ <programlisting>// The Java2 security policy for the securitymgr tests
+// Install with -Djava.security.policy==server.policy
+// and -Djboss.home.dir=path_to_jboss_distribution
+
+// Trusted core Java code
+grant codeBase "file:${java.home}/lib/ext/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${java.home}/lib/*" {
+ permission java.security.AllPermission;
+};
+// For java.home pointing to the JDK jre directory
+grant codeBase "file:${java.home}/../lib/*" {
+ permission java.security.AllPermission;
+};
+
+// Trusted core Jboss code
+grant codeBase "file:${jboss.home.dir}/bin/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${jboss.home.dir}/lib/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${jboss.server.home.dir}/lib/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${jboss.server.home.dir}/deploy/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${jboss.server.home.dir}/work/-" {
+ permission java.security.AllPermission;
+};
+
+// Permissions for the WarPermissionsUnitTestCase
+grant codeBase "file:${jboss.test.deploy.dir}/securitymgr/-" {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
+
+// Minimal permissions are allowed to everyone else
+grant {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.lang.RuntimePermission "queuePrintJob";
+ permission java.net.SocketPermission "*", "connect";
+ permission java.security.SecurityPermission "getPolicy";
+ permission java.lang.RuntimePermission "accessClassInPackage.*";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getSubject";
+ permission javax.management.MBeanServerPermission "findMBeanServer";
+ permission javax.management.MBeanPermission "org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry]", "*";
+ permission javax.management.MBeanPermission "org.jboss.mx.modelmbean.XMBean#*[jboss*:*]", "*";
+ permission javax.security.auth.AuthPermission "createLoginContext.*";
+};
+
+// To handle tests run with JBoss installed from RPMs - http://jira.jboss.com/jira/browse/JBPAPP-60
+grant codeBase "file:/usr/share/java/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:/etc/jbossas/-" {
+ permission java.security.AllPermission;
+};
+</programlisting>
+
+</appendix>
\ No newline at end of file
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_Channels.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_Channels.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_EAP_details.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_EAP_details.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_Login.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_Login.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_address.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_address.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_download.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_download.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_select_version.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/RHN_select_version.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/certificate.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/certificate.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/lookup_MD5_value.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/lookup_MD5_value.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/rhn_certificate.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/rhn_certificate.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/software_downloads.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/software_downloads.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/ssl_addressbar.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/ssl_addressbar.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/ssl_statusbar.png
===================================================================
(Binary files differ)
Property changes on: projects/docs/enterprise/4.3.3/Common_Criteria_Guide_20081118/en-US/images/ssl_statusbar.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: projects/docs/enterprise/4.3.3/Getting_Started/en-US/Book_Info.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Getting_Started/en-US/Book_Info.xml 2008-11-19 00:34:52 UTC (rev 81266)
+++ projects/docs/enterprise/4.3.3/Getting_Started/en-US/Book_Info.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -7,8 +7,8 @@
<subtitle>for Use with JBoss Enterprise Application Platform 4.3 Cumulative Patch 3</subtitle>
<edition>2.0</edition>
<pubsnumber>4</pubsnumber>
- <productname>JBoss Application Server</productname>
- <productnumber>4.3.3</productnumber>
+ <productname>JBoss Enterprise Application Platform</productname>
+ <productnumber>4.3</productnumber>
<pubdate>Sep, 2007</pubdate>
<isbn>N/A</isbn>
<abstract><para>This book provides post-installation information about &JBEAP;. Use this guide to familiarise yourself with the platform and the sample applications that demonstrate application development and deployment.</para>
Modified: projects/docs/enterprise/4.3.3/Installation_Guide/en-US/Book_Info.xml
===================================================================
--- projects/docs/enterprise/4.3.3/Installation_Guide/en-US/Book_Info.xml 2008-11-19 00:34:52 UTC (rev 81266)
+++ projects/docs/enterprise/4.3.3/Installation_Guide/en-US/Book_Info.xml 2008-11-19 00:54:37 UTC (rev 81267)
@@ -7,7 +7,7 @@
<subtitle>for Use with JBoss Enterprise Application Platform 4.3 Cumulative Patch 3</subtitle>
<edition>2.0</edition>
<pubsnumber>4</pubsnumber>
- <productname>JBoss Application Server</productname>
+ <productname>JBoss Enterprise Application Platform</productname>
<productnumber>4.3</productnumber>
<pubdate>Sep, 2007</pubdate>
<isbn>N/A</isbn>
More information about the jboss-cvs-commits
mailing list