RSBAC – kernel security solution

RSBAC (Rule Set Based Access Control) is a kernel patch which adds several mandatory access models to the Linux kernel. These models can be used to enhance the security of a Linux system.

RSBAC’s main concept is modularity. It uses several well-known and new security models, including Mandatory Access Control (MAC), Access Control List (ACL), PaX and Role-Compatibility (RC) and others.

RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also highly extensible.

Features include:

  • Independent of governments and big companies.
  • Several well-known and new security models, e.g. MAC, ACL and RC.
  • On-access virus scanning with Dazuko interface.
  • Detailed control over individual user and program network accesses.
  • Fully access controlled kernel level user management.
  • Any combination of security models possible.
  • Easily extensible: write your own model for runtime registration.
  • Support for latest kernels.
  • Stable for production use.
  • Read-only mode (no attribute writing, for testing).
  • Transactions support (policy changes can be made atomically).
  • Generic list based attributes (objects attributes from all models are stored into hashed, generic lists).
  • In kernel user management (no more /etc/passwd).
  • Network control support.
  • Pseudonymous logging (for privacy concerns).
  • Extensive logging capabilities.
  • Symlink redirection (symlinks can redirect to another location by role, by uid, by security level or by remote address).
  • Disable Linux DAC (be sure to convert them with provided tool to RSBAC ACL first).
  • Secure delete (mandatory secure deletion per file, directory or whole filesystem).
  • Hide processes easily with a kernel option.
  • Freeze mode (no RSBAC setting can be changed until reboot).
  • Softmode (RSBAC running in non-enforcing mode, can be disabled per single boot).
  • X11 Support.
  • Inherited attributes (easy administration).
  • Fast, low overhead solution.
  • TTL, define certain accesses at certain dates/time only.
  • Highly portable.

Support: Documentation
Developer: Amon Ott, kang, Michal
License: GNU GPL v2

Return to MAC/RBAC Tools Home Page

Read our complete collection of recommended free and open source software. The collection covers all categories of software.

The software collection forms part of our series of informative articles for Linux enthusiasts. There's tons of in-depth reviews, alternatives to Google, fun things to try, hardware, free programming books and tutorials, and much more.
Share this article

Share your Thoughts

This site uses Akismet to reduce spam. Learn how your comment data is processed.