Project:RSBAC

Project Description
RSBAC is Mandatory Access Control security system based on the GFAC framework logic. It includes standard models, like the Role Compatibility, Access Control Lists and Mandatory Access Control. RSBAC enforces access control rules on your operating system.

Currently we are mostly targetting servers, but desktops will also be supported in the future. The required tool for the policies is still being developed.

What is RSBAC?
RSBAC (Rule Set Based Access Control) is free Open Source (GPL) Linux kernel security extension. RSBAC's main concept is modularity. It uses several well-known and new security models, including MAC, ACLs, PaX and RC among a few others. RSBAC has control over individual users and program network accesses using any combination of the possible security models. It is also as extensible as it is modular: you can write your own models for runtime registration. Finally, RSBAC provides an excellent support for the most newest stable and development Linux kernels.It is in production use from January 2000 and has proven to be very stable. You are also suggested to read the more detailled overview.

However, RSBAC itself is not a complete security solution by itself: it only gives the possibility of applying security models. Fortunately, it works well with other Hardened projects to bring you a complete solution.

Planned subprojects
The RSBAC project has the following subprojects planned:

Resources
Resources offered by the RSBAC project are:


 * RSBAC Overview
 * RSBAC Quickstart

How Do I Use This?
RSBAC can be installed new on a system by following the above install guide for your architecture. If there is not an install guide for your architecuture yet, it is still possible to install by following the Gentoo Handbook. When the system is installed, convert it to RSBAC by using the Quickstart Guide. It is suggested that you use the Hardened profile or use "hardened pie" as your USE flags during this installation.

Converting a preexisting Gentoo installation to RSBAC can be done by following the Quickstart Guide.

I Want to Participate
To participate in the RSBAC project first join the mailing list at. Then ask if there are plans to support something that you are interested in, propose a new subproject that you are interested in or choose one of the planned subprojects to work on. You may talk to the developers and users in the IRC channel  on   for more information or just to chat about the project or any subprojects. If you don't have the ability to actively help by contributing work we will always need testers to use and audit the RSBAC policies. All development, testing, and productive comments and feedback will be greatly appreciated.