RSBAC Features

This document list the features provided by RSBAC. In other words, this is what you get by running a RSBAC kernel.

Currently non ordered, non complete list

• Read-only mode (no attribute writing, for testing)
• Transactions support (policy changes can be made atomically)
• Generic list based attributes (objects attributes from all models are stored into hashed, generic lists)
• In kernel user management (no more /etc/passwd)
• Network control support
• Pseudonymous logging (for privacy concerns)
• Extensive logging capabilities
• Symlink redirection (symlinks can redirect to another location by role, by uid, by security level or by remote address)
• Can disable Linux DAC (be sure to convert them with provided tool to RSBAC ACL first)
• Secure delete (mandatory secure deletion per file, directory or whole filesystem)
• Hide processes easily with a kernel option
• Freeze mode (no RSBAC setting can be changed until reboot)
• Softmode (RSBAC running in non-enforcing mode, can be disabled per single boot)
• X11 Support
• Inherited attributes (easy administration)
• Fast, low overhead solution
• TTL, define certain accesses at certain dates/time only

You can find more information about modules by reading the security models document.

• Registration modules (security models can be easily added this way)
• AUTH module (checks everything about user authentication)
• RC module (Role based model)
• ACL module
• MAC module
• PaX support
• Dazuko antivirus interface, with caching
• CAP module (Linux capacities control)
• JAIL module (seamless, secure chroot, a simple rsbac_jail <opts> program will do it!)
• RES module (Linux system resources control)
• FF module (Special RSBAC attributes)
• PM module (Privacy Module)