If you have an existing configuration for a working kernel, and you should if you've been following the instructions so far, you can copy it to the RSBAC sources directory and import it using the following commands:
Before we configure RSBAC we should ensure that the standard Linux security options are correctly configured.
|
|
Now that we have a working kernel configuration which we know will boot our system it is time to configure the RSBAC options. As this is a guide to RSBAC we shall start by enabling a simple set of modules which we can use as a gentle introduction. As the guide progresses we shall add more modules to our configuration as we introduce them.
Start by running the kernel configuration menu as usual
and navigate to the Rule Set Based Access Control (RSBAC) menu. It should look like the example given below.
|
|
Once the main RSBAC options have been configured we can configure the General RSBAC options which are found in a sub-section of that name
|
|
and so on for each sub-section in turn
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When using RSBAC and PaX together it is critical that you tell PaX that RSBAC will be providing the binary flags instead of using legacy ELF header or program ELF header marking.
Check that the following PaX Control options are configured as shown below.
|
|