RSBAC 1.4.0 released - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

RSBAC 1.4.0 released

User Rating:

How can I rate this item?

Posted by Ryan W. Maple

Amon Ott says: Rule Set Based Access Control (RSBAC) 1.4.0 has been released for both Linux kernels 2.4.37 and 2.6.27.10. RSBAC 1.4 mainly introduces the new Virtual User Management feature which allows to isolate complete sets of users in so-called "virtual sets". Every user in every set can have individual passwords and access rights. Click-through to see the whole announcement, and to leave your opinions of RSBAC. Do you use it? If so, why?

Date: Fri, 16 Jan 2009 09:55:09 +0100
From: Amon Ott 
Subject: Announce: RSBAC 1.4.0 released

Rule Set Based Access Control (RSBAC) 1.4.0 has been released for both
Linux kernels 2.4.37 and 2.6.27.10
You can download the new version from http://www.rsbac.org

RSBAC is one of the leading access control systems for the Linux
kernel with a good selection of access control models, see
http://www.rsbac.org/why for more details.

Important changes since 1.3 series:

  *  VUM (Virtual User Management) support (http://rsbac.org/redir.php?t=vum)
  * One time password support for user management
(http://rsbac.org/redir.php?t=otp)
  * Code for kernels 2.4 and 2.6 has been separated. 2.4 kernels might
be phased out at a later date.
  * PAM module does not send a message "User not authenticated" anymore
if authentication failed. (To match other PAM modules behavior)
  * Made PAM password prompt standard and definable to RSBAC's custom
prompt if the user wants it only.
  * rsbac_useradd -K to copy a user with password.
  * rsbac_mount now uses kernel's vfs_mount

About RSBAC 1.4:
---

RSBAC 1.4 mainly introduces the new Virtual User Management feature (
(http://rsbac.org/redir.php?t=vum),
which allows to isolate complete sets of users in so-called "virtual sets".
Every user in every set can have individual passwords and access rights.

As an example, you can start your mail server in a different set, and
the users getting the email will not be part of the system users.

Likewise, your jails can be started in a different set, so that the
users in that jail will never be the same ones as the real system users.

You can specify the user set with the usual tools by specifying the
full user path, e.g.:

0/0 defines user id 0 (root) in virtual set 0 (eg system user root)
0/1000 defines user id 1000 in virtual set 0 (eg a system user)
1/secoff defines user secoff in virtual set 1 (e.g. with uid 400)
2/1000 defines user id 1000 in virtual set 2 (for example, mail users
could be in set 2)

Amon.

Read this full article

Comments

i use it

Written by bob on 2009-04-24 11:36:00

i use it because its fun and flexible.
it doesnt have has many tools as selinux, but the base tools are quite ok
it also has nice features, like inheritance, while not being as dumb as apparmor (path based)

Only registered users can write comments.
Please login or register.