RSBAC 1.2.7 Released

Submitted by jill 2006-06-09 Privacy, Security 7 Comments

The European mandatory access control solution, RSBAC 1.2.7 has been released, featuring the usual bugfixes, new kthread notification code, and GCC-4 support. It is interesting to note that there is an Apache module available now for RSBAC, replacing SuExec functionality, with a higher security level and more important, no performance loss.

About The Author

Thom Holwerda

Follow me on Mastodon @[email protected]

7 Comments

2006-06-09 1:58 pm

darkmind
Whereas I know that RSBAC is use in Mandriva ( instead of SELinux ), I don’t know if there’s other distro using it. Does someone know others distro using RSBAC ?

BTW does people could point me out to complete HOWTO ( or step-by-step guide ) ? docs on RSBACwebsite are … succint

2006-06-09 2:42 pm

b00gie
gentoo also support rsbac

i believe documentation at main site is complete, u can find some usefull info at gentoo’s rsbac project site though : http://www.gentoo.org/proj/en/hardened/rsbac/
2006-06-10 8:58 am

druiloor
Adamantix (formerly known as Trusted Debian) uses it:

http://www.adamantix.org/

2006-06-09 2:46 pm

koen
Just because this is developped in Germany, doesn’t mean this is ‘the european solution’ to implement a MAC framework in linux. As far as I know, only a minority of linux distros actually use this. Most linux distributions seem to favour the SELinux MAC/TPE implementation, which is a lot more mature (and older) and actually tested in production environments.

Most institutions in Europe who need that kind of security, actually run a certified trusted operating system (VMS, STOP, Trusted Solaris, Trusted Irix, …).

RSBAC *is* nice and very well done, but it is the work of a single individual without any corporate backup and peer review.

2006-06-09 2:55 pm

xmv_
Sorry, but I cannot let you spread wrong assumptions.

– First of all, RSBAC is actually older than SELinux.

– Second, it is not the work of an individual but a team of developers (check the website ?)

– Third, it is backed up by a corporate company, based in Germany (again, check the website)

– Fourth, Cyberguard (usa) uses RSBAC as well as some european institution (google ?)

– Fifth, Cyberguard actually got RSBAC certified EAL-4, that is peer review

– Finally, last I checked, Germany was in Europe, Mandriva was in France (which is Europe), etc.

I guess the poster would qualify SELinux more of an US solution, which doesn’t mean it cannot be used in Europe or Asia, but the same goes for RSBAC.

Neither SELinux or RSBAC are bad solution, but now this is my point of view. But at least, I’m not spreading FUD.
2006-06-09 3:03 pm

b00gie
rsbac and rbac (grsecurity) are actually older and more mature solutions than selinux.

selinux ofcourse is far more advertised than the other two… that doesnt mean is better.

2006-06-10 2:45 am

fffffh
Live evaluation

http://livecd.rsbac.org/

http://livecd.rsbac.org/rsbaclive-20060529.img.txt