Rule Set Based Access Control
This project manages the RSBAC support within Gentoo. This includes providing kernels with RSBAC support (loosely based on the hardened-sources), administration utilites to manage and write strong Gentoo-specific policies. RSBAC works on many different architectures using both the 2.4 or 2.6 Linux kernels.
This project aims to make RSBAC available to more users, improve it, and improve it's integration in Gentoo Linux. We are developing a policy for the base system and the common daemons, as well as other popular programs. Currently we are mostly targetting servers, but desktops will also be supported in the future.
The required tool for the policies is still being developped.
What is RSBAC?
RSBAC (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses several well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled overview.
However, RSBAC itself is not a complete security solution by itself: it only gives the possibility of applying security models. Fortunately, it works well with other Hardened projects to bring you a complete solution.
|Anthony G. Basile
||Lead ( rsbac-sources )
All developers can be reached by e-mail using firstname.lastname@example.org.
project has the following subprojects:
Support for the x86 architecture.
Full documentation for the RSBAC project.
project has the following subprojects planned:
RSBAC policy for the core system, including users, administrators, and
daemons in the system profile.
RSBAC support on desktops.
Resources offered by the
How Do I Use This?
RSBAC can be installed new on a system by following the above install guide
for your architecture. If there is not an install guide for your architecuture
yet, it is still possible to install by following the Gentoo Handbook.
When the system is installed, convert it to RSBAC by using the
It is suggested that you use the Hardened profile or use "hardened pie" as your USE flags during this installation.
Converting a preexisting Gentoo installation to RSBAC can be done by
following the Quickstart Guide.
I Want to Participate
To participate in the RSBAC project first join the mailing list at
email@example.com. Then ask if there are plans to support
something that you are interested in, propose a new subproject that you are
interested in or choose one of the planned subprojects to work on. You may talk
to the developers and users in the IRC channel #gentoo-hardened on
irc.freenode.net for more information or just to chat about the project
or any subprojects. If you don't have the ability to actively help by
contributing work we will always need testers to use and audit the RSBAC
policies. All development, testing, and productive comments and feedback will
be greatly appreciated.