rsbacl5s.gif (2243 Byte)  

Rule Set Based Access Control (RSBAC) for Linux - Download


RSBAC Source Code

All RSBAC code is copyrighted (c) 1999-2004 by Amon Ott (except where explicitely stated otherwise in the code) and published under the GNU General Publishing Licence v2. Please see the RSBAC copyright notice for details.

The RSBAC source code depends on original Linux kernel source trees in the versions contained in the filename or package, because of deeper modifications. Only recent kernels will be further supported. If you need support for other kernel versions, please give me a note. All source packages have been signed with my GnuPG or my PGP key.

There is also an English instruction on installation and administration. The German version (for 1.0.2a) is no longer maintained and very old by now.

Newer code is available via the RSBAC Homepage. Please also consider using a local mirror. To protect against buffer overflows, I recommend the Pageexec (PaX) Project - their patches integrate nicely with RSBAC, as e.g. shown in the Adamantix distribution.

Released Versions and Administration Tools

You will need a kernel file package, a kernel patch and a set of administration tools. The administration tools use part of the kernel code contained in the kernel packages and can therefore only be used for the version given. Please read the instruction and look out for bugfixes.

Kernel Patches

Patch sets for all kernel releases supported by RSBAC are available here. Newer kernel versions might be supported in an RSBAC pre version.

Prepatched Kernel Source Packages (HTTP) (Mirrors)

You should always find already patched, but unconfigured kernel source tree tar.bz2 archives here for the current RSBAC stable release and the latest kernels. Please note that you still have to call 'touch Makefile' after config of these kernels.

If you have problems downloading the big files, you should try 'wget -c URL' or the FTP reget command to continue.

Bugfixes for released Versions

Here you can get bugfix patches for relevant bugs in released RSBAC versions from 1.1.0 onwards.

Live CD Images (Mirrors)

Test RSBAC with a Debian based live CD - just insert, boot and try without harddisk access.

Pre-Versions

Pre-versions show the current, mostly stable code. Some features might still be unfinished or unstable, though.

Development State

Whenever the current development tree compiles and seems to work, it is copied to the RSBAC RSync server at rsync://rsbac.dyndns.org (HTTP, HTTP mirror, FTP mirror). You can directly sync into your local source tree and compile, because all patched files are available. This is also quite convenient for some code browsing. The code is also available as .tar.gz at these locations.

Please note that the different kernel versions can still have different RSBAC code versions - and that the rsync server might be unavailable from time to time.

Supported Architectures

From version 1.2.1, there is full support for all archs, but it is mostly untested except for i386. Testing feedback is very welcome!

You can also use RSBAC with User Mode Linux (UML).


Questions, tips, etc.

23-Feb-04, -ao