RSBAC 1.2.7 review

by on

RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels. Linux systems, as many othe

License: GPL (GNU General Public License)
File size: 46K
Developer: Amon Ott
0 stars award from

RSBAC is a flexible, powerful and fast open source access control framework for current Linux kernels.

Linux systems, as many others in the Unix family,may have a problem with access control. There is a small granularity of discretionary access rights, only dividing between read, write and execute rights for file owner, and file group members.

The fact that access control relies on a file owner’s discretion already leads to various problems, like the level of trust that has to be put in a user, the vulnerability from malware working on behalf of a user, and so on. Also, there is hardly any logging of user activities possible, making it even harder to detect malicious accesses.

Another problem is the system administrator account “root”. Many system tasks are only allowed to be done by this user, even many network services have to be started or, worse, run as root. The root account, however, has full access to every object in the system. It is easy to understand why so many Unix family systems have been compromised locally or by remote access.

Recent Linux kernels additionally implement a privilege scheme, which splits the root user’s special rights into a set of single rights, called capabilities. These rights are given to a process based on the parent process and the executable that is run.

However, while these capabilities can distinguish between some access types, they are mostly ignorant of the object that is to be accessed, for example CAP_DAC_OVERRIDE (capacity to override the filesystem access control) gives full read and write access to all files and devices on the system. As a result, many administration tasks still have to be done with too many access rights. Another disadvantage is the fixed access control model, which cannot easily be changed or replaced.

The RSBAC framework gives detailed access control information, and you can implement almost any access control model in it, e.g. as a runtime registered kernel module. Also, there is a powerful logging system which makes intrusion attempts easily detectable.

Here are some key features of "RSBAC":
Free Open Source (GPL) Linux kernel security solution
Independent of governments and big companies
Several well-known and new security models, like MAC, ACL and RC
On-access virus scanning with the Dazuko interface
Detailed control over individual user and program network accesses
Fully access controlled kernel level user management
Any combination of security models possible
Easily extensible: write your own model for runtime registration
Support for latest kernels and stable for production use

RSBAC 1.2.7 keywords