=>  Releases

Current version
Git/Snapshot: 1.5.3
Release: 1.5.0

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

RSBAC 1.4.3

Friday, 27/Nov/2009

RSBAC 1.4.3 has been released for kernel 2.6.31.6.

This release focus on adding new learning mode for the RC and CAP modules. We hope you will enjoy it!

Most Important changes since 1.4.2:

  • Make RCU rate limit boot and runtime configurable
  • Move AUTH auth_program_file kernel-only attribute to GEN program_file
  • Implement CAP learning mode for user and program max_caps
  • Add global RC learning mode for role rights to types
  • Optionally put learning mode results into transactions, one per module
  • Show program path in AUTH learning messages
  • Allow SCD mlock in PM
  • New kernel config RSBAC_SWITCH_BOOT_OFF: ‘Allow to switch modules off with kernel parameter’
  • Show transaction number in learning info messages.
  • Add transaction names for human use and set names for learn transactions.
  • Use -I to backup extra groups in rsbac_usershow backup mode.
  • New rsbac_usermod parameter -I to set a list of extra groups.
  • Add rsbac_usershow -r parameter to add -r to rsbac_useradd in backup mode.
  • Add rsbac_useradd -r and -R parameters to (un)conditionally replace existing.
  • And of course, many bug fixes

The complete lists are available here:

changes-1.4.3.txt

admin-changes-1.4.3.txt

Upgrading from 1.3 or 1.4.x is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

2.6.31 kernel patch update

Tuesday, 15/Sep/2009

RSBAC 1.4.2 kernel patches and tarballs have been updated to support the latest kernel, 2.6.31. Please note that the common code has been moved to kernel-specific directories since there has been a change to support kernel 2.6.31.

2.6.30.5 kernel patch update

Tuesday, 8/Sep/2009

RSBAC 1.4.2 kernel patches have been updated to support the latest kernel without additional hand patching, for 2.6.30.5. The complete kernel tarballs have also been updated.

Patches, mod_rsbac updates, forum

Tuesday, 16/June/2009

RSBAC 1.4.2 kernel patches have been updated to support the latest kernel, 2.6.30.

mod_rsbac SVN has also been updated, fixing a long standing race condition (albeit not a security issue), that could be triggered when an Apache worker would serve many files in a short amount of time.

mod_rsbac is used in production on rsbac.org and several other web servers.

Finally, we’re happy to announce that we now have a dedicated forum which you’re welcome to use for discussion and questions. Remember that we also have a mailing-list and and irc channel (See: the contact page).

Thanks to Paul D. Robertson for setting up and managing the RSBAC forum.

RSBAC 1.4.2

Friday, 15/May/2009

RSBAC 1.4.2 has been released for kernel 2.6.29.2. We expect a significant speedup and even better SMP scalability from the new RCU based list locking.

There will be no more releases for 2.4 kernels, because new features like RCU require 2.6. Still, 1.4.1 for 2.4.37 is very stable and has no known bugs. Please keep using 1.4.1 for 2.4 like we do. The svn trunk for 2.4 will stay maintained for a while.

Most Important changes since 1.4.0 (somehow we skipped the 1.4.1 announcement):

  • Change generic lists to use RCU instead of rw spinlocks
  • New SCD target videomem on x86 arch to distinguish between video and other kernel memory (SCD kmem) access
  • New config option RSBAC_ENFORCE_CLOSE to really deny close, if decided
  • Check protocol in NETLINK network templates when matching
  • Upgrade to 2.6.29.x, tons of kernel internal API changes again as usual
  • Many small bugfixes

Upgrading from 1.3 or 1.4.x is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

RSBAC 1.4.0

Thursday, 15/January/2009

RSBAC 1.4.0 has been released for kernels 2.4.37 and 2.6.27.10. (Full announcement)

Most Important changes since 1.3 series:

Upgrading from 1.3 is easy: Compile, install and boot. Some extra checks might require minor adjustments, though.

RSBAC 1.4.0-rc3

Monday, 10/November/2008

RSBAC 1.4.0-rc3 has been released for kernels 2.4.36 and 2.6.27. (Full announcement)

  • New interception review
  • Splitted 2.4 and 2.6 common code
  • Automount support converted for vfsmount usage
  • Long username support in VUM
  • Many bugs fixed

Please note that we plan to release this last candidate as 1.4.0, so please test it as much as possible, thanks!

You can get it at the usual location.

RSBAC 1.3.7

Tuesday, 19/February/2008

RSBAC 1.3.7 has been released for kernels 2.4.36 and 2.6.23. (Full announcement)

  • Supports secure delete on XFS and JFS
  • New kernel parameter rsbac_list_recover to register lists even if reading from disk fails
  • Correct pam install location automatically on x86_64
  • Many bugs fixed

See the kernel change log and tools change log for more information.

 

home.txt · Last modified: 2013/09/02 00:07 by tazok
This website is kindly hosted by m-privacy