https://www.rsbac.org/ 2026-05-12T21:59:50+00:00 https://www.rsbac.org/ https://www.rsbac.org/lib/tpl/rsbac/images/favicon.ico text/html 2006-09-18T13:54:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/network_access_control?rev=1158587654&do=diff Network Access Control with Templates Network Template Basics Due to the short lived nature of network connections and their related network objects, a scheme of Network Templates has been developed in RSBAC. Network templates describe a set of connection endpoints, which shall be controlled together. Administration is done on the templates instead of the individual network endpoints. Each endpoint inherits the access control settings of the first template it matches. Templates are checked fr… text/html 2006-05-17T15:53:04+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/pm?rev=1147881184&do=diff Privacy Model (PM) Example For demonstration purposes a simple application example has been developed together with Simone Fischer-Hübner. Although several modules are used, our focus clearly lay on the privacy model, being the most complex and powerful. Other modules are used for special purposes. text/html 2006-05-17T15:52:38+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/protection_against_execution?rev=1147881158&do=diff Protection Against Unwanted Execution Administration Goals Protect against execution of uncontrolled files or libraries. Common Steps for All Models * Identify all directories containing executables and all single executables in other directories. Also, identify all directories containing dynamically linked libraries and all such single library files in other directories. As long as the most important directories, e.g. /sbin, /bin, /usr/sbin, /usr/bin, and files, e.g. /lib/*.so* and /usr/l… text/html 2006-10-13T09:05:10+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/rsbac_samples?rev=1160730310&do=diff Easy Samples to Get You Started There are some simple things you can do, which already increase desktop and server security without much interaction: JAIL Solutions * Start Mozilla, etc. in an RSBAC jail without chroot: it will hide all other processes from Mozilla and disallow dirty networking tricks. Try text/html 2006-05-17T15:53:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/syslog-ng?rev=1147881195&do=diff Setting Up syslog-ng Logging You can use syslog-ng to log RSBAC log messages, which is much more convenient. Disable logging to system log with the “rsbac_nosyslog” kernel flag, or echo “debug nosyslog 1” > /proc/rsbac-info/debug at runtime. You need the kernel option text/html 2006-05-17T15:52:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/tampering_protection_for_exec?rev=1147881134&do=diff Tampering Protection for Executables Administration Goal Protect all executables, e.g. below /sbin, against tampering Common steps for all models * Identify all directories containing executables and all single executables in other directories. As long as the most important directories, e.g. /sbin, /bin, /usr/sbin, /usr/bin, are included, you can find the rest with trial and error later. text/html 2007-11-30T11:56:32+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/tips?rev=1196423792&do=diff Random Tips Want to know -on the fly- if the softmode has been enabled ? Simple with bash: PROMPT_COMMAND='cat /proc/rsbac-info/active|grep SOFTMODE > /dev/null \ && mode=$(echo -e "\e[31;01m") \ || mode=$(echo -e "\e[34;01m")' PS1='\[\033[32;01m\]\u@$mode\h\[\033[0;m\]:\w\$ ' text/html 2006-05-17T15:52:49+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/user_management?rev=1147881169&do=diff Using UM for User Management Problems of Traditional Linux User Management Subsystem The traditional Linux user management, specially the common passwd/shadow scheme with PAM, has several security problems: * PAM libraries running in process context: The PAM libraries are mapped into every process, which has to authenticate users or change user accounts. This means that every single such process must have read or even write access to sensitive authentication data, and an exploit in only one…