http://rsbac.m-privacy.de/ 2011-12-18T06:46:48+01:00 http://rsbac.m-privacy.de/ http://rsbac.m-privacy.de/lib/images/favicon.ico text/html 2011-12-13T15:12:08+01:00 http://rsbac.m-privacy.de/download?rev=1323785528&do=diff1323785528 All the RSBAC code is copyrighted (c) 1997-2011 by Amon Ott <ao@rsbac.org> (except where explicitly stated otherwise in the code), and published under the GNU General Publishing License v2. Please consult the RSBAC copyright notice for details. text/html 2011-12-13T15:05:26+01:00 http://rsbac.m-privacy.de/home/2011/12/13/150247?rev=1323785126&do=diff1323785126 RSBAC 1.4.6 Tuesday, 13/December/2011 RSBAC 1.4.6 has been released for the kernel 3.1.5. Most important changes since 1.4.5: * Add RSBAC syscalls and tools parameters to get and set UM password history size per user * Security bugfix for sys_open() request types (see earlier post) * Add rsbac_jail parameter -K for allow_netlink flag * Add rsbac_usershow parameters to list users with shell or full name text/html 2011-12-13T14:01:14+01:00 http://rsbac.m-privacy.de/site/sidebar?rev=1323781274&do=diff1323781274 Stable: 1.4.6 * 3.1.y Patched kernels Includes vanilla kernel with the RSBAC patch * 3.1.5 Enhanced kernels Combined patches with RSBAC and PaX, less well tested GIT RSBAC source code, can be unstable sometimes text/html 2011-12-13T13:26:58+01:00 http://rsbac.m-privacy.de/download/quick?rev=1323779218&do=diff1323779218 Quick Install Install from pre-patched sources: * Unpack pre-patched kernel source tree: tar xvjf linux-X.Y.Z-rsbac-A.B.C.tar.bz2 * cd linux-X.Y.Z-rsbac-A.B.C * make menuconfig * make bzImage modules modules_install * Install the new kernel arch/<arch-name>/boot/bzImage with your favorite boot loader. text/html 2011-11-30T09:57:58+01:00 http://rsbac.m-privacy.de/home/2011/11/30/095322?rev=1322643478&do=diff1322643478 Security bugfix for RSBAC for kernels 2.6.35 and later Wednesday, 30/Nov/2011 Unfortunately, there is a severe bug in the code that determines the RSBAC request type in sys_open() calls. As a result from this bug, open access will be decided upon by RSBAC with wrong request type, a read open can happen unnoticed. A read() access after opening is intercepted as intended, because only the open interception is wrong. text/html 2011-09-11T19:57:48+01:00 http://rsbac.m-privacy.de/wiki/experiences/igraltist/rc_old?rev=1315763868&do=diff1315763868 RC Module RC Testsetup Prepare the System to get more verbose description what is missing on RC you should set this debug options. Append in the ``/boot/grub/menu.lst`` for the used rsbac-kernel on line ``kernel`` rsbac_softmode rsbac_nosyslog rsbac_cap_process_hiding rsbac_debug_adf_auth rsbac_debug_adf_rc rsbac_debug_adf_jail rsbac_debug_adf_um rsbac_debug_jail_log_missing_rbsac_debug_cap_log_missing This can enter on grubs promt too. text/html 2011-08-12T10:01:55+01:00 http://rsbac.m-privacy.de/home/2011/08/12/100054?rev=1313136115&do=diff1313136115 New git repo for 3.0 Friday, 12/Aug/2011 RSBAC has been successfully ported to Linux kernel 3.0, you find a new git repo at <http://git.rsbac.org>. Please test it and report so that we can make a new 3.0 based release soon. text/html 2011-08-11T12:21:14+01:00 http://rsbac.m-privacy.de/todo?rev=1313058074&do=diff1313058074 RSBAC Progression and Roadmap This page reflects our current work queue - if you miss anything here, it will probably not happen. Please discuss any wishes on the at <rsbac@rsbac.org> or open a bug. The RSBAC development team. Planned for the next release 1.5 * CAP learning mode for single programs. (possibly 1.4 feature) * Persistent transactions, preserved between reboots. * RC learning mode - per role, with object types already set before learning. Learn only access rights. Use … text/html 2011-08-11T12:19:07+01:00 http://rsbac.m-privacy.de/contact?rev=1313057947&do=diff1313057947 Mailing Lists Please join the RSBAC (<rsbac@rsbac.org>) by sending a mail to <rsbac-request@rsbac.org> with ‘subscribe’ as single line in the body, if you want to discuss things and get informed about plans and changes. You can also consult our (secondary). Old articles from the old mailing-list (1998) are archived. text/html 2011-08-11T12:17:59+01:00 http://rsbac.m-privacy.de/links?rev=1313057879&do=diff1313057879 Linux Distributions with RSBAC * Adamantix (started as Trusted Debian) * Gentoo Linux However various users provide support. * Mandriva * T2 * Annvix * ALT Linux Castle * Kaladix Linux * Sniffix, Bencsath Boldizsar made a Knoppix based live CD for RSBAC demonstration. Please read the description first before downloading * ArchLinux Supported through the AUR text/html 2011-07-14T16:53:23+01:00 http://rsbac.m-privacy.de/home/2011/07/14/165049?rev=1310655203&do=diff1310655203 New git repo for 2.6.39 Thursday, 14/Jul/2011 RSBAC has been successfully ported to 2.6.39.3, you find a new git repo at <http://git.rsbac.org>. Please test it and report so that we can make a new release soon. text/html 2011-07-01T06:38:27+01:00 http://rsbac.m-privacy.de/wiki/experiences/igraltist/acl-su?rev=1309495107&do=diff1309495107 Back to igraltist's experiences/RSBAC ACL Problem description On standard linux system nothing prevented the root user switch to any other user. Solution with ACL Groups This is only example for ACL. The AUTH and or the RC module is much comfortable. All have to do as security user (uid 400).