Gentoo Logo

Rule Set Based Access Control

Content:

1.  Project Description

This project manages the RSBAC support within Gentoo. This includes providing kernels with RSBAC support (loosely based on the hardened-sources), administration utilites to manage and write strong Gentoo-specific policies. RSBAC works on many different architectures using both the 2.4 or 2.6 Linux kernels.

2.  Project Goals

This project aims to make RSBAC available to more users, improve it, and improve it's integration in Gentoo Linux. We are developing a policy for the base system and the common daemons, as well as other popular programs. Currently we are mostly targetting servers, but desktops will also be supported in the future. The required tool for the policies is still being developped.

3.  What is RSBAC?

RSBAC (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses several well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled overview.

However, RSBAC itself is not a complete security solution by itself: it only gives the possibility of applying security models. Fortunately, it works well with other Hardened projects to bring you a complete solution.

4.  Developers

Developer Nickname Role
Anthony G. Basile blueness Lead ( rsbac-sources )

All developers can be reached by e-mail using nickname@gentoo.org.

5.  Subprojects

The RSBAC project has the following subprojects:

Project Lead Description
x86 Support for the x86 architecture.
Documentation Full documentation for the RSBAC project.

6.  Planned subprojects

The RSBAC project has the following subprojects planned:

Project Description
Base Policy RSBAC policy for the core system, including users, administrators, and daemons in the system profile.
Desktop RSBAC support on desktops.

7.  Resources

Resources offered by the RSBAC project are:

8.  How Do I Use This?

RSBAC can be installed new on a system by following the above install guide for your architecture. If there is not an install guide for your architecuture yet, it is still possible to install by following the Gentoo Handbook. When the system is installed, convert it to RSBAC by using the Quickstart Guide. It is suggested that you use the Hardened profile or use "hardened pie" as your USE flags during this installation.

Converting a preexisting Gentoo installation to RSBAC can be done by following the Quickstart Guide.

9.  I Want to Participate

To participate in the RSBAC project first join the mailing list at gentoo-hardened@gentoo.org. Then ask if there are plans to support something that you are interested in, propose a new subproject that you are interested in or choose one of the planned subprojects to work on. You may talk to the developers and users in the IRC channel #gentoo-hardened on irc.freenode.net for more information or just to chat about the project or any subprojects. If you don't have the ability to actively help by contributing work we will always need testers to use and audit the RSBAC policies. All development, testing, and productive comments and feedback will be greatly appreciated.



Print

Summary: RSBAC is Mandatory Access Control security system based on the GFAC framework logic. It includes standard models, like the Role Compatibility, Access Control Lists and Mandatory Access Control. RSBAC enforces access control rules on your operating system.

Gentoo Project
script generated

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.