===== Configuration =====

You should now have a bootable and usable RSBAC system. You are probably able to boot with the ''rsbac_softmode'' boot parameter or ''rsbac_auth_enable_login'' (see [[documentation:rsbac_handbook:installation:first_boot|First Boot]])

The next step is to understand what needs to be taken care of, i.e.: to be secured on your system.

How to separate every potentially insecure part of the system into different categories ?

How to translate the protection you need into RSBAC models ?

We can start by defining the policy((A security policy represents the RSBAC rules which will protect your system, e.g. a policy could be to deny all access to an application by a user)) into four distinct base categories:
  * [[.configuration_basics:system_base|Base System Protection]]
  * [[.configuration_basics:service_encapsulation|Service Encapsulation]]
  * [[.configuration_basics:user_management|User Management]]
  * [[.configuration_basics:Logging]]


Protection of the base system is necessary in any configuration. To say it straight, it partially depends on the services your system is going to run. However, we should cover most common aspects.

Once you got a layout of your base system protection, you will be able to encapsulate each service into a confined space.

But before setting up any real RSBAC policy, we will explore your current system security and what models we should apply.

//Note: The actual modules/model selection chapter, which help you select the modules you will need, is a little futher in this handbook, in the [[https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/selecting_models|chapter 5]]. It is however recommended to read the chapters in order, to fully understand which modules are suggest.//

\\ 
----
**Table of Contents:** [[documentation:rsbac_handbook|RSBAC Handbook]]\\
**Previous:** [[documentation:rsbac_handbook:installation:first_boot|First Boot]]\\ 
**Next:** [[.configuration_basics:system_base|System Base]]\\