[rsbac] Dazuko for RSBAC

Amon Ott ao at rsbac.org
Thu Apr 15 09:47:53 CEST 2004

Hello everybody!

Thanks to John Ogness, the Dazuko author, we now have improved Linux 
on-access scanning within the RSBAC framework. The Dazuko interface is 
supported by many Antivirus vendors, and several others have stated that 
they are working on its support.

The only criticisms I have read against Dazuko so far have been that
- it hooked into the system call table (for 2.2 and 2.4 kernels) or used 
LSM (2.6, see http://rsbac.org/lsm.htm)
- its interface and the scanners could not be protected against misuse by 
root processes.

The first item is solved by using RSBAC REG, the second by using the other 
RSBAC modules to protect the Dazuko device.

Dazuko for RSBAC is implemented as a REG module for runtime registration. 
To get it running on the current RSBAC releases 1.2.2 and 1.2.3-pre4, you 
need a small RSBAC patch, which will be included in 1.2.3-pre5 and which
is already in the rsync code of 1.2.3-pre.
We will soon add fast result caching (using RSBAC generic lists) and 
integrate Dazuko as a fixed RSBAC module.

Please configure Dazuko with
./configure --enable-rsbac

Copy of the latest Dazuko CVS version:

Patch for RSBAC:

Dazuko Homepage:

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
