[rsbac] Dazuko for RSBAC
Amon Ott
ao at rsbac.org
Thu Apr 15 09:47:53 CEST 2004
Hello everybody!
Thanks to John Ogness, the Dazuko author, we now have improved Linux
on-access scanning within the RSBAC framework. The Dazuko interface is
supported by many Antivirus vendors, and several others have stated that
they are working on its support.
The only critics I read against Dazuko so far have been that
- it hooked into the system call table (for 2.2 and 2.4 kernels) or used
LSM (2.6, see http://rsbac.org/lsm.htm)
- its interface and the scanners could not be protected against misuse by
root processes.
The first item is solved by using RSBAC REG, the second by using the other
RSBAC modules to protect the Dazuko device.
Dazuko for RSBAC is implemented as a REG module for runtime registration.
To get it running on the current RSBAC releases 1.2.2 and 1.2.3-pre4, you
need a small RSBAC patch, which will be included in 1.2.3-pre5 and which
is already in the rsync code of 1.2.3-pre.
We will soon add fast result caching (using RSBAC generic lists) and
integrate Dazuko as a fixed RSBAC module.
Please configure Dazuko with
./configure --enable-rsbac
Copy of the latest Dazuko CVS version:
http://rsbac.org/pre/dazuko-cvs20040409.tar.gz
Patch for RSBAC:
http://rsbac.org/pre/rsbac_get_full_path_length.patch
Dazuko Homepage:
http://www.dazuko.org/
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list