QQ登录

只需一步,快速开始

 找回密码
 注册

QQ登录

只需一步,快速开始

查看: 1062|回复: 7

rsbac

[复制链接]
发表于 2003-8-5 21:31:06 | 显示全部楼层 |阅读模式
From:         Amon Ott <[email protected]>
To:         RSBAC List <[email protected]>
Cc:         [email protected], Suse-Security <[email protected]>, [email protected]
Subject:         Announce: RSBAC v1.2.2 released
Date:         Tue, 5 Aug 2003 09:49:25 +0200       
Hello!

Rule Set Based Access Control (RSBAC) version 1.2.2 has been released.
Full information and downloads are available from http://www.rsbac.org

RSBAC is a flexible, powerful and fast open source access control framework
for current Linux kernels, which has been in stable production use since
January 2000 (version 1.0.9a). All development is independent of governments
and big companies, and no existing access control code has been reused.

The system includes a big range of decision modules, some of which implement
professional access control models like ACL, MAC or Role Compatibility. It
supports both 2.4 and 2.2 kernel series. Now that 2.6 seems to stabilize, the
port to 2.6.0-test is in progress.

New features compared to version 1.2.1:

- Malware scanning:
       - Added ms_need_scan attribute for selective scanning
       - MS module support for F-Protd as scanning engine
       - ms_need_scan FD attribute for selective scanning
       - MS module support for clamd as scanning engine.
- Jails:
       - JAIL flag allow_inet_localhost to additionally allow to/from
         local/remote IP 127.0.0.1
- Resource Control:
       - New RES module with minimum and maximum resource settings for
         users and programs
- Authentication Enforcement:
       - Moved AUTH module to generic lists with ttl
       - Added caps and checks for effective and fs owner to AUTH module
         (optional)
- Linux Capabilities:
       - New Process Hiding feature in CAP module
- MAC / Bell-LaPadula:
       - Almost complete reimplementation of the MAC model with many new
         features.
- General:
       - RSBAC syscall version numbers
       - Added new requests CHANGE_DAC_(EFF|FS)_OWNER on PROCESS targets
         for seteuid and setfsuid (configurable)
       - Changed behaviour on setuid etc.: Notification is always sent, even
         if the uid was set to the same value. This allows for restricted RC
         initial roles with correct role after setuid to root.
       - Delayed init for initial ramdisks: delay RSBAC init until the first
         real or a specific device mount.
       - rsbac_init() syscall to trigger init by hand, if not yet
         initialized - can be used with e.g. rsbac_delayed_root=99:99, which
         will never trigger init automatically.
       - New system role 'auditor' for most models, which may read and flush
         RSBAC own log.

Amon Ott.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
发表于 2003-8-6 12:33:24 | 显示全部楼层
很好,Dragonfly,是否能再介绍一些关于安全的网站或者mail list?
回复

使用道具 举报

 楼主| 发表于 2003-8-6 22:19:45 | 显示全部楼层
i happen to read this from LKML. now i already forget what is security.  
回复

使用道具 举报

 楼主| 发表于 2003-8-6 23:03:39 | 显示全部楼层
but for high secure system, this is important. and only rbac is not enough. many levels like c2, b2, from cc.  o, a old story.  
回复

使用道具 举报

 楼主| 发表于 2003-8-7 11:02:05 | 显示全部楼层
different people have different needs. that is understandable.
回复

使用道具 举报

发表于 2003-8-8 15:23:48 | 显示全部楼层
我今天去了www.rsbac.org网站,确实不错。里面还有很多很多和安全相关的连接。
回复

使用道具 举报

 楼主| 发表于 2003-8-8 21:39:04 | 显示全部楼层
good luck. that is what u want.
回复

使用道具 举报

发表于 2003-8-10 18:52:44 | 显示全部楼层
hehe   
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 注册

本版积分规则

GMT+8, 2024-12-4 03:36 , Processed in 0.050849 second(s), 16 queries .

© 2021 Powered by Discuz! X3.5.

快速回复 返回顶部 返回列表