RSBAC based distribution. ALT Linux Castle.

From: Stanislav Ievlev <inger@altlinux.ru>
Subject: RSBAC based distribution. ALT Linux Castle.
Date: Sat, 28 Apr 2001 16:54:24 +0400

Next Article (by Date): Re: [crispin@WIREX.COM: Linux Security Module Interface] Amon Ott
Previous Article (by Date): Re: [crispin@WIREX.COM: Linux Security Module Interface] Volckov Konstantin Michailovich
Articles sorted by: [Date] [Author] [Subject] 

Hello RSBAC people!


"ALT Linux" company presents beta of new distribution for servers - ALT Linux Castle.

General features:

+ Full RSBAC Support. RSBAC is on of the most powerful security system in the world. Castle is configured for use in secure mode 
right after install.
+ ALT Linux Castle is the first Linux server distribution with crypt_blowfish as default password hashing algorithm.
+ All base servers run in chrooted environment.
+ All system packages are configured for maximum security.


Brief instructions:
1. During installation process you will have to create security officer account.This is a user that can setup RSBAC security configuration.
2. Installer applies to RSBAC kernel two special parameters "rsbac_auth_enable_login" and "rsbac_softmode". Please, don't remove it. 
You will need it for correct installation process.
3. Run RSBAC kernel just after system installation.
4. After reboot RSBAC will function in normal mode. If you need 'soft' mode again, use 'rsbac_softmode' kernel parameter during boot.
5. After finishing system configuration please reboot your server.
6. RSBAC will work in normal mode at all future startups of the system. You can  boot RSBAC kernel in "soft" mode again using "rsbac_softmode" 
kernel parameter.
7. Login as security officer you have created during installation process and run main RSBAC configuration utility "rsbac_admin".
       

Default security configuration:
* All system directories are in "read only" and "execute only" mode.
* Base system configuration files (e.g /etc/lilo.conf /etc/fstab) are also in read only mode.
* Home directory is available only for users  and security officer (but he has no access to user's home directories).Security Officer's home is 
situated in the root directory (/secoff) and is open only for the owner. You can also create trusted environment for security officer 
by putting special files into the home.
* There are some useful scripts in security officer's home: to enable/disable useradd, to enable/disable install and 
an example  script for http protection.


Links:

ISO image (coming soon): ftp://ftp.altlinux.ru/pub/distributions/ALTLinux/ISO/
Sources and binaries: ftp://ftp.altlinux.ru/pub/distributions/ALTLinux/Castle/beta/
Home: http://people.altlinux.ru/inger/index-en.html


Enjoy!
----------------------
With best regards 
Stanislav Ievlev
<inger@linux.ru.net>

ALT Linux Team


		       

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: [crispin@WIREX.COM: Linux Security Module Interface] Amon Ott
Previous Article (by Date): Re: [crispin@WIREX.COM: Linux Security Module Interface] Volckov Konstantin Michailovich
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.