[[wiki:experiences/igraltist|Back to igraltist experiences]]
===== Requirements =====
RSBAC can use on every modern computer on which the linux kernel 2.4 or 2.6 runs >3.0. The kernel support for 2.4 and 2.6 is droped.
You can choose your favorite linux distribution.
My favorites are [[http://www.gentoo.org/proj/en/hardened/rsbac/index.xml|gentoo]] and [[http://debian.org|debian]].
I have tested it on an old cpu with 133Mhz and 64MB.\\
Also without problems on a modern amd dualcore cpu and intel quadcore cpu both have 8GB ram and other computers that runs linux.
Very few hard disk space would be needed. Roughly 10MB for the rsbac-admin tools and additional disk space for the rsbac kernel when they are installed.
Don't forget the disk space for the logfile!\\
This can grow very fast in some circumstances.
It can be from few megabytes till to several gigabytes in one hour.
[[wiki:experiences/igraltist/installation#|Top]]
===== Kernel installation ======
There are different ways to get the rsbac-kernel sources. Take a lock on the [[http://www.rsbac.org/download|download site]].
- [[http://www.rsbac.org/download/quick#install_from_pre-patched_sources|Install pre patches sources]]
- [[http://www.rsbac.org/download/quick#patch_your_self|Patch your self]]
- [[http://git.rsbac.org/cgi-bin/gitweb.cgi|Clone a git repository]]
- If using gentoo-hardened: emerge -av rsbac-sources
[[wiki:experiences/igraltist/installation#|Top]]
===== Kernel configuration =====
Kernel configuration is done usually by your distribution for you when you are using a distribution kernel.
RSBAC is not in any distribution pre configured. It has approximatly 100 options in the kernel configuration for softmode. This can leed on a new installation for an beginner when reading every help and searching for detail explainations to long time to configure.
To short up this I have build some predefined RSBAC profile.
There is a problem when using `make menuconfig` and you have an already running RSBAC kernel with kernel configuration in `/boot` that you can never choose a correct profile in this way. The loaded kernel configuration variables can't unset so far I know. Therefor I use just some linux tools and do not patch the rsbac-sources/rsbac/Kconfig.
The profile can download here http://kasten-edv.de/download/rsbac/profile.
From now an I assuming that the kernel source are prepared.
# FIX: not working need script soon
#assuming this path is set as symlink to the rsbac sources
cd /usr/src/linux
# download profile softmode
wget http://kasten-edv.de/download/rsbac/profile/base-entry-soft
# its compressed so moved and uncompress it
mv base-entry-soft base-entry-soft.gz
gunzip base-entry-soft.gz
# build config based on your running kernel config
make oldconfig
# clean if there any rsbac stuff
grep -v "RSBAC" .config > my_config
# append the profile
cat base-entry-soft >> my_config
# use it as config
mv my_config .config
# don't call make menuconfig to just check it because some values are set in rsbac/Kconfig which I don't wont active at this moment
# Fix: a script which replace the rsbac/Kconfig like: rsbac-profile base-soft
# Then make menuconfig can call again and the steps above not needed
enablead the follow module:
* AUTH
* CAP
* JAIL
* RC
# build and install the kernel
make && make install && make modules_install
[[wiki:experiences/igraltist/installation#|Top]]
===== Configure bootloader =====
For full list of [[http://www.rsbac.org/documentation/rsbac_handbook/appendixes/rsbac_reference/kernel_parameters|kernel parameters]].
From the example above this should add to your using bootloader configuration file.
rsbac_softmode rsbac_cap_process_hiding rsbac_jail_log_missing rsbac_cap_log_missing
Example for grub1:
kernel /vmlinuz-3.2.12-rsbac root=/dev/sda2 ro rsbac_softmode rsbac_cap_process_hiding rsbac_jail_log_missing rsbac_cap_log_missing
[[wiki:experiences/igraltist/installation#|Top]]
===== Install rsbac-admin =====
If you are using Gentoo hardened you can do:
emerge -av rsbac-admin
Or, you have to [[http://www.rsbac.org/download|download]] the rsbac-admin which bring the userland tools for RSBAC. Choose the rsbac-admin version as the same which your rsbac-kernel support. Example for version 1.4.6:
wget http://www.rsbac.org/dl.php?file=code/1.4.6/rsbac-admin-1.4.6.tar.bz2
Unpack it and change to rsbac-admin directory. There you can call make. Read the help information and make your choice.
I think make build-all && make install would be sufficient.
From now on the system is ready to boot.
Reminder: Make sure you have enough space for the logfiles.
To see which programs are installed by rsbac-admin take a look to the [[wiki:experiences/igraltist/manpages|online-manpages]]
[[wiki:experiences/igraltist/installation#|Top]]
===== Install rsbac-tools =====
Some example which I will describe use some scripts from my repository. Its in alpha state but scripts are working.
Its use the mercurial versions control system. The scripts itself are in python.
You can download or clone it.
# dowload it
wget http://hg.kasten-edv.de/rsbac-tools/archive/tip.tar.bz2
Unpack the sources and change into the directory.
# clone the rsbac-tools
hg clone http://hg.kasten-edv.de/rsbac-tools
# install it
python setup.py install
This scripts are installed and used:
^ Programname ^ Function ^
| run-jail | used to setup daemon in rsbac_jail with configuration files |
| run-jail-helper | create or modify a configuration file for run-jail, add symlink |
| ps-jail | display human readable rsbac jail information |
| updater-shell | shell for admin user updater with predefined commands |
| shields | switch different levels for FF module on or off |
| add-rsbac-um-user | add an user when UM module is in use |
[[wiki:experiences/igraltist/installation#|Top]]
===== Uninstall =====
Just boot into your distribution kernel and remove the security user.
Also all directory rsbac.dat can delete.
[[wiki:experiences/igraltist/installation#|Top]]