[rsbac] RSBAC v1.2.4-pre3 released
Amon Ott
ao at rsbac.org
Wed Nov 17 12:39:44 CET 2004
Hi folks,
the next pre is now available for kernels 2.4.27, 2.6.8(.1) and 2.6.9.
The pre-patched kernels are still uploading, though.
Changes agains pre2 are:
* Make RSBAC remote logging target configurable at boot or
runtime. Suppress remote logging, if address or port is 0.
* Cross linked HTML output in rc_get_item htmlprint.
* audit_uid: Default value "unset". Set at CHANGE_OWNER away from
a uid != 0, kept, inherited to child processes and logged. Allows to
log actions of users who did an su etc. Needs configurable additional
uid per program which works like uid 0, e.g. for SSHD privilege
separation (new attr auid_exempt).
* AUTH protection for Linux group IDs.
* New kernel flag: rsbac_softmode_once: Sets softmode, but denies
setting it again during runtime. For those systems that for some
reason must start in softmode, disable it and do not want to have it
set again later.
* New kernel flag: rsbac_softmode_never: Disallows setting
softmode during this runtime.
* Keep last UM authenticated user in a per-process attribute
auth_last_auth. Allow processes with auth_may_set_cap flag to set
last_auth.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde geschreddert...
Dateiname : nicht verfügbar
Dateityp : application/pgp-signature
Dateigröße : 189 bytes
Beschreibung: signature
URL : http://www.rsbac.org/pipermail/rsbac/attachments/20041117/56e72b3e/attachment.bin
More information about the rsbac
mailing list