[rsbac] RSBAC v1.2.4-pre3 released

Amon Ott ao at rsbac.org
Wed Nov 17 12:39:44 CET 2004

Hi folks,

the next pre is now available for kernels 2.4.27, 2.6.8(.1) and 2.6.9. 
The pre-patched kernels are still uploading, though.

Changes agains pre2 are:

    * Make RSBAC remote logging target configurable at boot or 
runtime. Suppress remote logging, if address or port is 0.
    * Cross linked HTML output in rc_get_item htmlprint.
    * audit_uid: Default value "unset". Set at CHANGE_OWNER away from 
a uid != 0, kept, inherited to child processes and logged. Allows to 
log actions of users who did an su etc. Needs configurable additional 
uid per program which works like uid 0, e.g. for SSHD privilege 
separation (new attr auid_exempt).
    * AUTH protection for Linux group IDs.
    * New kernel flag: rsbac_softmode_once: Sets softmode, but denies 
setting it again during runtime. For those systems that for some 
reason must start in softmode, disable it and do not want to have it 
set again later.
    * New kernel flag: rsbac_softmode_never: Disallows setting 
softmode during this runtime.
    * Keep last UM authenticated user in a per-process attribute 
auth_last_auth. Allow processes with auth_may_set_cap flag to set 

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde geschreddert...
Dateiname   : nicht verfügbar
Dateityp    : application/pgp-signature
Dateigröße  : 189 bytes
Beschreibung: signature
URL         : http://www.rsbac.org/pipermail/rsbac/attachments/20041117/56e72b3e/attachment.bin

More information about the rsbac mailing list