1 |
> Remember that RSBAC does not work with PaX on a recent kernels. If you |
2 |
> really want more security with Linux, PaX is the first and the most |
3 |
> important thing you should consider. It aims to prevent exploits from |
4 |
> working, while MAC/RBAC/RSBAC fights the consequences in userspace and |
5 |
> does little to protect against the kernel exploits. |
6 |
|
7 |
RSBAC with PaX works with new kernels, you can patch it yourself or |
8 |
you can download one kernel that is already patched from |
9 |
http://enhanced.rsbac.org/2.6/2.6.31/. |
10 |
|
11 |
> A server without PaX is barely a better choice. |
12 |
|
13 |
The same as before, PaX runs with rsbac in new kernels |