4月ごろにプレスがあったPitBullのLinux版はSUSEと組んだようだ。

Enhanced Security for SUSE Linux Enterprise 10 with MLS Announced by Argus Systems Group
http://www.argus-systems.com/feature/asgn/articles/14Aug2006%20PFD%20Linux.pdf

スポンサーとはやっぱりNovellだったのね。

Argus Systems Group, the global leader in secure systems technology, today announced its intention to support PitBull Foundation for SUSE Linux Enterprise.

OSSで提供されそうなのは以前のプレスと変わらない。

PitBull Foundation for Linux will be an open source add-on product that converts a Linux operating system to a trusted operating system.

機能はLinux版もSolaris版やAIX版と同じようだ。というのも以前のプレスと変わらない。

The Linux version will have the same functions and feature set as the AIX and Solaris products currently offered by Argus.

NovellのVPからのお言葉

“The addition of the Argus MLS solution to the Linux community is good news for our customers with strong security requirements,” said Holger Dyroff, Vice President of Product Management at Novell.

AppArmorでもPitBullでも必要に応じて好きなほう選びなさいとのこと

“We are pleased that the Argus MLS product will be able to stack with
and complement Novell AppArmor application security. Now users will be able to choose the strength of MLS, the ease of use of AppArmor, or both, as their needs dictate.”

SUSEはPitBullを使用してCCのLSPPでEAL4を狙う
AIXと同じパターンだな

Argus plans to submit this product for a Common Criteria evaluation under the LSPP at EAL 4+. PitBull Foundation for AIX 5.2 has been certified at this level and the AIX 5.3 version is currently in evaluation.

以前のLinuxは禁止されていて使えなかったけど、MLSを追加すると使えるようになる。
あの分野のことですね。

PitBull Foundation adds critical functionality to Linux systems while enhancing the security," said Mikel Matthews, CTO at Argus.
"By adding the MLS capabilities to Linux systems (e.g., SUSE Linux Enterprise Server 10), they can now be used in areas where they were prohibited before."

AppArmorを押していたNovellはPitBullを使ってLSPPの領域ではSELinuxと真っ向勝負ですね。SELinuxとPitBullを比べたときに機能的に大きく異なる違いはなさそうだし(MAC、LP、RBACの仕組みはぜんぜん違うけど。PitBullFoundationはTrustedSolarisの仕組みに近いし)、差別化はやっぱり管理ツールの存在なのかなあ。現状のPitBullはGUIツールがまったくないけど。でも、YaSTからの設定ができるようになったらイイナ。

で、今回はFoundation for Linuxのみしか書いてないけど、Foundation Suite for Linuxのほうも気になるところ。