https://www.rsbac.org/ 2026-04-14T21:44:10+00:00 https://www.rsbac.org/ https://www.rsbac.org/lib/tpl/rsbac/images/favicon.ico text/html 2009-01-12T11:41:41+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples?rev=1231760501&do=diff Administration Examples * Easy Samples to Get You Started * Tampering Protection for Executables * Protection Against Unwanted Execution * Using UM for User Management * Network Access Control with Templates * Privacy Model (PM) Example User Contributions * Setting Up syslog-ng Logging * Random Tips * RSBAC wiki ---------- Table of Contents: RSBAC Handbook Previous: DAZ: Dazuko Malware Scanner Next: Maintenance text/html 2007-10-11T14:12:32+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/breaking_requirements_into_designs?rev=1192111952&do=diff Breaking the Requirements into Model Specific Designs Remember the System base page in this chapter ? We will now re-use it but add information about what needs to be done to achieve the system base protection with different modules. AUTH The selection of local users and the services they use to login are easily mapped into an AUTH module configuration. The same module can also deny access to unauthenticated users, e.g. using RSBAC User Management or with a separate daemon, while the RC mode… text/html 2007-10-11T13:44:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/logging?rev=1192110259&do=diff Logging What to log ? We already know that most things happening on the system are subject to audit with RSBAC. However, the logging facility is only a tool, and like every tool, it's usefulness is only seen if you know how to use that tool. We can divide the audit you need into different categories: text/html 2014-02-13T09:54:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/selecting_models?rev=1392285251&do=diff Selecting a Security Model Combination Note: Please see the Security Modules page for more information about the different modules and the model they provide Let's start by reviewing the module table In the following table, you can find a summary of every available module. text/html 2009-01-12T09:52:55+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/service_encapsulation?rev=1231753975&do=diff Service Encapsulation All services and all network clients running on a computer system should be considered for encapsulation. Encapsulation means that all programs providing a service or some network access, are restricted to the absolutely necessary access rights, but also get protected from all other services and client programs. This way, misbehaving programs cannot harm other services or clients, except denial of service attacks by resource exhaustion. text/html 2009-01-13T10:56:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/setting_up_modules?rev=1231844171&do=diff Setting up RSBAC Decision Modules Basically, all RSBAC decision modules are independent from each other. However, some exceptions exist and are explicitely mentioned in the module descriptions. E.g., AUTH settings can also be controlled by all other modules, depending on their kernel configuration. text/html 2009-01-12T11:39:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/system_base?rev=1231760351&do=diff Base System Protection We can split down the base system into different system objects, or elements. Filesystem Structure There are common, default directories that contain the base programs needed to run your operating system. Most common ones are: text/html 2009-01-12T11:14:54+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/user_management?rev=1231758894&do=diff User Management Configuration Before you improve system security by activating RSBAC User Management, it is strongly recommended to read the overview under User Management. User management (UM) must be enabled in RSBAC kernel configuration. To get passwords encrypted with SHA1, this algorithm must first be enabled in the kernel Crypto menu. Only with SHA1 enabled, the User Management menu will show the option for encryption! After configuration, compile and install the kernel as usual.