Note: This document lists the features provided by RSBAC. In other words, this is what you get by running an RSBAC kernel.
Note: This listing is currently unordered and incomplete.
Read-only mode (no attribute writing, for testing)
Transactions support (policy changes can be made atomically)
Generic list-based attributes (object attributes from all models are stored in hashed, generic lists)
In-kernel user management (no more /etc/passwd)
Network control support
Pseudonymous logging (for privacy concerns)
Extensive logging capabilities
Symlink redirection (symlinks can redirect to another location by role, by uid, by security level or by remote address)
Can disable Linux DAC (be sure to convert the DAC permissions to RSBAC ACL with the provided tool first)
Secure delete (mandatory secure deletion per file, directory or whole filesystem)
Hide processes easily with a kernel option
Freeze mode (no RSBAC setting can be changed until reboot)
Softmode (RSBAC running in non-enforcing mode, can be disabled per single boot)
X11 Support
Inherited attributes (easy administration)
Fast, low overhead solution
Note: You can find more information about the modules in the sections of the handbook on the different models.
Registration modules (security models can be easily added this way)
AUTH module (checks everything about user authentication)
RC module (Role based model)
MAC module
PaX support
Dazuko antivirus interface, with caching
CAP module (Linux capabilities control)
JAIL module (seamless, secure chroot, a simple rsbac_jail <opts> program will do it!)
RES module (Linux system resources control)
FF module (Special RSBAC attributes)
PM module (Privacy Module)