RSBAC Handbook Releases
Stable: 1.3.7
for kernels:
- 2.4.36
- 2.6.23.14
Devel 1.4: 1.4.0-pre1
for kernels:
- 2.4.35.4
- 2.6.23.9
Full RSBAC kernels
Lazy of patching ?
Get the already rsbac-patched kernel. Choose your flavor.
Classic kernels
Includes vanilla kernel with the RSBAC patch
- 2.6.23.14
- 2.4.35.3
Enhanced kernels
Kernels including latest security fixes, goodies, and of course PaX+RSBAC
- 2.6.23.15 (20080217)
- 2.4.36 (20080217)
Debian repository
Also works for Ubuntu and other Debian-based distributions, of course
SVN
Cutting edge RSBAC source code, can be unstable sometimes
Events
No events planned
Configuration Basics
You should now have a bootable and usable RSBAC system. You are probably able to boot with the rsbac_softmode boot parameter or rsbac_auth_enable_login (see First Boot)
The next step is to understand what needs to be taken care of, i.e.: to be secured on your system.
How to separate every potentially insecure part of the system into different categories ?
How to translate the protection you need into RSBAC models ?
We can start by defining the policy1) into two distinct base categories and the extra logging category:
- Base System Protection
- Service Encapsulation
- Logging
Protection of the base system is necessary in any configuration. To say it straight, it partially depends on the services your system is going to run. However, we should cover most common aspects.
Once you got a layout of your base system protection, you will be able to encapsulate each service into a confined space.
But before setting up any real RSBAC policy, we will explore your current system security and what models we should apply.
Table of Contents: RSBAC Handbook
Previous: First Boot
Next: System Base