RSBAC (Rule Set Based Access Control) is a kernel patch which adds several mandatory access models to the Linux kernel. These models can be used to enhance the security of a Linux system.
RSBAC’s main concept is modularity. It uses several well-known and new security models, including Mandatory Access Control (MAC), Access Control List (ACL), PaX and Role-Compatibility (RC) and others.
RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also highly extensible.
Key Features
- Independent of governments and big companies.
- Several well-known and new security models, e.g. MAC, ACL and RC.
- On-access virus scanning with Dazuko interface.
- Detailed control over individual user and program network accesses.
- Fully access controlled kernel level user management.
- Any combination of security models possible.
- Easily extensible: write your own model for runtime registration.
- Support for latest kernels.
- Stable for production use.
- Read-only mode (no attribute writing, for testing).
- Transactions support (policy changes can be made atomically).
- Generic list based attributes (objects attributes from all models are stored into hashed, generic lists).
- In kernel user management (no more /etc/passwd).
- Network control support.
- Pseudonymous logging (for privacy concerns).
- Extensive logging capabilities.
- Symlink redirection (symlinks can redirect to another location by role, by uid, by security level or by remote address).
- Disable Linux DAC (be sure to convert them with provided tool to RSBAC ACL first).
- Secure delete (mandatory secure deletion per file, directory or whole filesystem).
- Hide processes easily with a kernel option.
- Freeze mode (no RSBAC setting can be changed until reboot).
- Softmode (RSBAC running in non-enforcing mode, can be disabled per single boot).
- X11 Support.
- Inherited attributes (easy administration).
- Fast, low overhead solution.
- TTL, define certain accesses at certain dates/time only.
- Highly portable.
Website: www.rsbac.org
Support: Documentation
Developer: Amon Ott, kang, Michal
License: GNU General Public License v2.0
Related Software
| MAC/RBAC Tools | |
|---|---|
| SELinux | Security enhancement to Linux |
| AppArmor | Linux Security Module implementation of name-based access controls |
| RSBAC | Patch adding several mandatory access models to the Linux kernel |
| grsecurity | Innovative set of patches for the Linux kernel |
| TOMOYO Linux | Lightweight and easy-use Mandatory Access Control |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Know a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |