Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
No events planned
This shows you the differences between two versions of the page.
Next revision Both sides next revision | |||
documentation:features [2006/01/11 11:40] kang created |
documentation:features [2006/02/14 09:34] ao Clean up features and add more comments |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== RSBAC Features ====== | ||
- | //This document list the features provided by RSBAC. In other words, this is what you get by running a RSBAC kernel.// | ||
- | |||
- | //Currently non ordered, non complete list// | ||
- | |||
- | * Read-only mode (no attribute writing, for read-only filesystems) | ||
- | * Transactions support (policy changes are atomic) | ||
- | * Generic list based attributes (objects attributes from all models are stored into hashed, generic lists) | ||
- | * In kernel user management (no more /etc/passwd) | ||
- | * Network control support | ||
- | * Pseudonymous administration (for privacy concerns) | ||
- | * Extensive logging capabilities | ||
- | * Symlink redirection (symlinks can redirect by role, to another location) | ||
- | * Can disable Linux DAC (be sure to convert them to RSBAC ACL first) | ||
- | * Secure delete (mandatory secure deletion per file, directory or whole filesystem) | ||
- | * Hide processes easily with a kernel option | ||
- | * Freeze mode (no RSBAC setting can be changed until reboot) | ||
- | * Softmode (RSBAC running in non-enforcing mode) | ||
- | * X11 Support | ||
- | * Inherited attributes (easy administration) | ||
- | * Fast, low overhead solution | ||
- | |||
- | |||
- | //You can find more information about modules by reading the [[documentation:different_models|different models]] document.// | ||
- | |||
- | * Registration modules (security models can be easily added this way) | ||
- | * AUTH module (checks everything about user authentication) | ||
- | * RC module (Role based model) | ||
- | * ACL module | ||
- | * MAC module | ||
- | * PaX support | ||
- | * Dazuko antivirus interface, with caching | ||
- | * CAP module (Linux capacities control) | ||
- | * JAIL module (seamless, secure chroot, a simple rsbac_jail <opts> program will do it!) | ||
- | * RES module (Linux system resources control) | ||
- | * FF module (Special RSBAC attributes) | ||
- | * PM module (Privacy Module) |