https://www.rsbac.org/ 2026-05-12T22:24:55+00:00 https://www.rsbac.org/ https://www.rsbac.org/lib/tpl/rsbac/images/favicon.ico text/html 2009-05-02T19:10:14+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/wiki/experiences/igraltist/rc/apache2?rev=1241291414&do=diff Back to igraltist's experiences / RC Modules Apache2 What should protect with this setup? This files and directories are taken from default installation on GNU/Linux Debian. * Configurationfiles * /etc/apache2 * Apaches Logfiles * /var/log/apache2 * Datas to server * /var/www text/html 2012-05-13T07:30:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/wiki/experiences/igraltist/rc/create_rc_policy_from_scratch?rev=1336894242&do=diff Back to igraltist's experiences /RSBAC RC Info Here I try to collect all information to setup sshd RC policies. I do use some linux tools which I don't explain. Search for open files Each distribution use his own plan where to place an how to name files and directories. There for I use the tool strace to search all opened files. This task is usually needed for the initial role. The initial role does reads the configuration files. text/html 2012-08-18T14:21:45+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/wiki/experiences/igraltist/rc/create_rc_types?rev=1345299705&do=diff Back to igraltist's experiences booting Creating RC type file I use a python script and put all configuration stuff in a dict. #! /usr/bin/env python """ 2012 Setup routine for basic RC rc_fd_types. """ rc_fd_types = { text/html 2009-05-03T01:07:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/wiki/experiences/igraltist/rc/default_services?rev=1241312849&do=diff Back to igraltist's experiences / RC Modules Syslog-ng Syslog Create a Role ``Syslog`` and apply it to the syslog binary. rc_set_item ROLE 10 name "Syslog" attr_set_file_dir FILE "/usr/sbin/syslog-ng" rc_initial_role 10 Create ``rc_type_fd`` and assign it RC role 10. rc_set_item TYPE 10 type_fd_name "Syslog_FD" rc_set_item ROLE 10 def_fd_create_type 10 rc_set_item ROLE 10 def_fd_ind_create_type 10 10 rc_set_item ROLE 10 def_unixsock_create_type 10 text/html 2009-05-01T15:00:07+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/wiki/experiences/igraltist/rc/local_login?rev=1241190007&do=diff Local Login For local login i create a new rc-role login and assign this to ``/bin/login`` rc_set_item ROLE 5 name "Login" attr_set_file_dir FILE "/bin/login" rc_initial_role 5 attr_set_file_dir FILE "/bin/login" rc_force_role 5 Permission to set: rc_set_item ROLE 5 type_comp_fd 0 GET_PERMISSIONS_DATA GET_STATUS_DATA READ READ_OPEN SEARCH TRUNCATE MAP_EXEC IOCTL text/html 2009-05-03T01:14:18+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/wiki/experiences/igraltist/rc/login?rev=1241313258&do=diff Back to igraltist's experiences / RC Modules Local Local Login Only if such setup needed. To local login only the ``security-user`` and ``root-user`` are allowed. For local login Iam creating a new RC role ``Login`` and assign this to ``/bin/login`` rc_set_item ROLE 5 name "Login" attr_set_file_dir FILE "/bin/login" rc_initial_role 5 attr_set_file_dir FILE "/bin/login" rc_force_role 4294967295 text/html 2012-05-13T05:59:19+00:00 Anonymous (anonymous@undisclosed.example.com) https://www.rsbac.org/wiki/experiences/igraltist/rc/testing?rev=1336888759&do=diff Back to igraltist's experiences / RC Modules Test Login Login To test if its works, login and type, rc_get_current_role it's should show the assigned Role of the user. Next is to test if the correct filepermission is obtain when create a file in the user homedirectory. touch create_test ls -la create_test