===== RSBAC Features =====

//Note: This document lists the features provided by RSBAC. In other words, this is what you get by running an RSBAC kernel.//

//Note: Currently an unordered, incomplete listing.//

  * Read-only mode (no attribute writing, for testing)
  * Transactions support (policy changes can be made atomically)
  * Generic list based attributes (object attributes from all models are stored in hashed, generic lists)
  * In-kernel user management (no more /etc/passwd)
  * Network control support
  * Pseudonymous logging (for privacy concerns)
  * Extensive logging capabilities
  * Symlink redirection (symlinks can redirect to another location by role, by uid, by security level or by remote address)
  * Can disable Linux DAC (be sure to convert the existing DAC permissions to RSBAC ACL with the provided tool first)
  * Secure delete (mandatory secure deletion per file, directory or whole filesystem)
  * Hide processes easily with a kernel option
  * Freeze mode (no RSBAC setting can be changed until reboot)
  * Softmode (RSBAC running in non-enforcing mode, can be disabled per single boot)
  * X11 support
  * Inherited attributes (easy administration)
  * Fast, low-overhead solution

//Note: You can find more information about modules by reading the [[documentation:rsbac_handbook:security_models|different models]] section of the handbook.//

  * Registration modules (security models can be easily added this way)
  * AUTH module (checks everything about user authentication)
  * RC module (Role-based model)
  * ACL module
  * MAC module
  * PaX support
  * Dazuko antivirus interface, with caching
  * CAP module (Linux capabilities control)
  * JAIL module (seamless, secure chroot; a simple rsbac_jail program will do it!)
  * RES module (Linux system resources control)
  * FF module (Special RSBAC attributes)
  * PM module (Privacy Module)