Re: Usage of RSBAC ?


From: ao@morpork.shnet.org (A. Ott)
Subject: Re: Usage of RSBAC ?
Date: 05 Oct 1999 12:55:00 +0200

Next Article (by Date): Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: BUGFIX: Loading kernel modules with ACL turned on ao@morpork.shnet.org (A. Ott)
Top of Thread: Usage of RSBAC ? Luc Stepniewski
Articles sorted by: [Date] [Author] [Subject]


********* ***************** ********** ****  *****   ***** ************
  To subject Usage of RSBAC ?
  lstep@mail.dotcom.fr (Luc Stepniewski)  wrote:
********** ******************** ******  ********  ******* *************

> I'm trying to install/use RSBAC (1.0.9) but I'm having some problems:
>
> I compiled the kernel (2.2.12) with the given default parameters from
> RSBAC (have all of the policies support to 'Y').
> Does this mean they are all active when I boot the newly created kernel
> or are they just "activable" ?

They are all active, but can be switched off by authorized users, if  
CONFIG_RSBAC_SWITCH has been selected (default).

The default configuration is designed to get your system up without  
trouble, so you might not notice the modules are active. /proc/rsbac-info/ 
stats as well as the rsbac_init() boot messages tell you which models are  
currently supported. If you did not switch them off (what generates a  
syslog warning message in all cases), they are all active.

> What Policies are completed/usable ?

All policies are fully implemented and (hopefully) usable as described in  
models.htm. My favourite is a combination of AUTH, RC and ACL. RC might me  
left out when ACL groups have been added.

> Is there one of the defined policies that could do some "Process based"
> security ? Something like what was done by the Thirdpig company
> (www.thirdpig.com) where process can be restricted on a file/directory basis
> and a kernel syscalls basis ?

All decisions are based on the process requesting them. Since a process  
runs a program from a file in the name of a user, process, file and user  
attributes are taken into account.

I do not (yet) know the thirdpig model, so I am not sure about your  
question. It is possible that the thirdpig model could be implemented as a  
RSBAC model.

Amon.

--
Please remove second ao for E-Mail reply - no spam please!
## CrossPoint v3.11 ##
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Plans with RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Date): Re: BUGFIX: Loading kernel modules with ACL turned on ao@morpork.shnet.org (A. Ott)
Top of Thread: Usage of RSBAC ? Luc Stepniewski
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.