====== RSBAC Features ======

//This document lists the features provided by RSBAC. In other words, this is what you get by running an RSBAC kernel.//

//Currently an unordered, incomplete list//

  * Read-only mode (no attribute writing, for testing)
  * Transaction support (policy changes can be made atomically)
  * Generic list-based attributes (object attributes from all models are stored in hashed, generic lists)
  * In-kernel user management (no more /etc/passwd)
  * Network control support
  * Pseudonymous logging (for privacy concerns)
  * Extensive logging capabilities
  * Symlink redirection (symlinks can redirect to another location by role, by uid, by security level or by remote address)
  * Can disable Linux DAC (be sure to convert the DAC permissions to RSBAC ACL with the provided tool first)
  * Secure delete (mandatory secure deletion per file, directory or whole filesystem)
  * Hide processes easily with a kernel option
  * Freeze mode (no RSBAC setting can be changed until reboot)
  * Softmode (RSBAC running in non-enforcing mode, can be disabled per single boot)
  * X11 support
  * Inherited attributes (easy administration)
  * Fast, low-overhead solution
  * TTL: define certain accesses at certain dates/times only

//You can find more information about modules by reading the [[documentation:rsbac_handbook:security_models|security models]] document.//

  * Registration modules (security models can be easily added this way)
  * AUTH module (checks everything about user authentication)
  * RC module (Role-based model)
  * ACL module
  * MAC module
  * PaX support
  * Dazuko antivirus interface, with caching
  * CAP module (Linux capabilities control)
  * JAIL module (seamless, secure chroot; a simple rsbac_jail program will do it!)
  * RES module (Linux system resources control)
  * FF module (special RSBAC attributes)
  * PM module (Privacy Module)