=>  Releases

Stable: 1.4.4
kernel:

  • 2.6.33+

Full RSBAC kernels
Lazy of patching ? Get the already rsbac-patched kernel. Choose your flavor.

Classic kernels
Includes vanilla kernel with the RSBAC patch

  • 2.6.33

Enhanced kernels
PaX+RSBAC kernels

  • 2.6.33 (20100421)

Debian repository
Also works for Ubuntu and other Debian-based distributions, of course

GIT
Cutting edge RSBAC source code, can be unstable sometimes
Kernel | Tools

=>  Events

No events planned

RSBAC 1.4.4

Thurday, 22/April/2010

RSBAC 1.4.4 has been released for the kernel 2.6.33.2

We have recently converted all the RSBAC project to use GIT as main version control system (instead of SVN+SVK). This make things more simple as the upstream kernel is also managed by GIT. The SVN depots are still available, but not up to date and will not be updated anymore.

Please use the GitWeb interface to view the project progress, commit, source code, or download snapshots of the versions in development (see the sidebar)

Most Important changes since 1.4.3:

  • pam_rsbac: check old password before asking for new one
  • Fix RC check for CREATE right on new objects.
  • Backport rsbac_read_open() and rsbac_read_close() fixes from 1.5.
  • Cleanup the release process
  • And of course, many small bug fixes

The complete lists of changes are available here:

OpenSource patches

Thursday, 3/Dec/2009

m-privacy GmbH, the main company funding RSBAC development has opened a new open source website, containing patches and packages for various projects, which you might find interesting.

Specially, you can currently find a few security related patches:

  • Bind9: Disable forwarding for TXT records (against DNS tunneling)
  • OpenSSH: Control access for port forwarding only to specific hosts and ports
  • TigerVNC: Enforce configuration parameters, TLS support
RSBAC 1.4.3

Friday, 27/Nov/2009

RSBAC 1.4.3 has been released for kernel 2.6.31.6.

This release focus on adding new learning mode for the RC and CAP modules. We hope you will enjoy it!

Most Important changes since 1.4.2:

  • Make RCU rate limit boot and runtime configurable
  • Move AUTH auth_program_file kernel-only attribute to GEN program_file
  • Implement CAP learning mode for user and program max_caps
  • Add global RC learning mode for role rights to types
  • Optionally put learning mode results into transactions, one per module
  • Show program path in AUTH learning messages
  • Allow SCD mlock in PM
  • New kernel config RSBAC_SWITCH_BOOT_OFF: ‘Allow to switch modules off with kernel parameter’
  • Show transaction number in learning info messages.
  • Add transaction names for human use and set names for learn transactions.
  • Use -I to backup extra groups in rsbac_usershow backup mode.
  • New rsbac_usermod parameter -I to set a list of extra groups.
  • Add rsbac_usershow -r parameter to add -r to rsbac_useradd in backup mode.
  • Add rsbac_useradd -r and -R parameters to (un)conditionally replace existing.
  • And of course, many bug fixes

The complete lists are available here:

changes-1.4.3.txt

admin-changes-1.4.3.txt

Upgrading from 1.3 or 1.4.x is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

2.6.31 kernel patch update

Tuesday, 15/Sep/2009

RSBAC 1.4.2 kernel patches and tarballs have been updated to support the latest kernel, 2.6.31. Please note that the common code has been moved to kernel-specific directories since there has been a change to support kernel 2.6.31.

2.6.30.5 kernel patch update

Tuesday, 8/Sep/2009

RSBAC 1.4.2 kernel patches have been updated to support the latest kernel without additional hand patching, for 2.6.30.5. The complete kernel tarballs have also been updated.

Patches, mod_rsbac updates, forum

Tuesday, 16/June/2009

RSBAC 1.4.2 kernel patches have been updated to support the latest kernel, 2.6.30.

mod_rsbac SVN has also been updated, fixing a long standing race condition (albeit not a security issue), that could be triggered when an Apache worker would serve many files in a short amount of time.

mod_rsbac is used in production on rsbac.org and several other web servers.

Finally, we’re happy to announce that we now have a dedicated forum which you’re welcome to use for discussion and questions. Remember that we also have a mailing-list and and irc channel (See: the contact page).

Thanks to Paul D. Robertson for setting up and managing the RSBAC forum.

RSBAC 1.4.2

Friday, 15/May/2009

RSBAC 1.4.2 has been released for kernel 2.6.29.2. We expect a significant speedup and even better SMP scalability from the new RCU based list locking.

There will be no more releases for 2.4 kernels, because new features like RCU require 2.6. Still, 1.4.1 for 2.4.37 is very stable and has no known bugs. Please keep using 1.4.1 for 2.4 like we do. The svn trunk for 2.4 will stay maintained for a while.

Most Important changes since 1.4.0 (somehow we skipped the 1.4.1 announcement):

  • Change generic lists to use RCU instead of rw spinlocks
  • New SCD target videomem on x86 arch to distinguish between video and other kernel memory (SCD kmem) access
  • New config option RSBAC_ENFORCE_CLOSE to really deny close, if decided
  • Check protocol in NETLINK network templates when matching
  • Upgrade to 2.6.29.x, tons of kernel internal API changes again as usual
  • Many small bugfixes

Upgrading from 1.3 or 1.4.x is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

RSBAC 1.4.0

Thursday, 15/January/2009

RSBAC 1.4.0 has been released for kernels 2.4.37 and 2.6.27.10. (Full announcement)

Most Important changes since 1.3 series:

Upgrading from 1.3 is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

 

home.txt · Last modified: 2006/05/02 15:40
This website is kindly hosted by m-privacy