Rule Set Based Access Contro1分析和总结分析和总结.docxVIP

Rule Set Based Access Control (RSBAC) for Linux - Quickstart Content: Introduction This guide will help you to install RSBAC on Gentoo Linux. It is assumed that the users have read the Introduction and the Overview already, so that they knows what is RSBAC and its main concepts. Installation of the RSBAC enabled kernel Emerging the RSBAC kernel This step is pretty straight forward, thanks to the way Gentoo handles kernel installations. Start by emerging the rsbac-sources kernel from your portage. Note: Note: There are two rsbac-sources kernel available: one is for the 2.4 kernel branch, the other is for the newer 2.6 kernel branch. Code Listing 2.1: RSBAC kernel installation (using the default profile and 2.6 kernel) # emerge rsbac-sources Code Listing 2.2: RSBAC kernel installation (using the 2.4 kernel, since Gentoo profile 2005.0) # rm /etc/make.profile # ln -s /usr/portage/profiles/default-linux/x86/2005.0/2.4/ /etc/make.profile # echo sys-kernel/hardened-sources rsbac /etc/portage/package.use # emerge hardened-sources Important: It is advised to enable softmode on your first RSBAC kernel. It allows you to turn off the RSBAC enforcement in one reboot, for testing or in case something goes wrong. Only turn it off once you are sure of what you are doing, or of course, for a production kernel. Configuring the RSBAC kernel We will now configure the kernel. It is recommended that you enable the following options, in the Rule Set Based Access Control (RSBAC) category: Code Listing 2.3: Configuring and compiling the RSBAC kernel Code Listing 2.3: Configuring and compiling the RSBAC kernel Under General RSBAC options [*] RSBAC proc support [*] Check on init [*] Support transactions [*] Randomize transaction numbers [*] RSBAC debugging support (400) RSBAC default security officer user ID Under User management [*] User management Be sure to enable SHA1 in the Crypto API Under Cryptographic options of the general kernel configuration, tick [*] SHA1 digest algorithm [*] U