| 1 |
> Remember that RSBAC does not work with PaX on a recent kernels. If you |
| 2 |
> really want more security with Linux, PaX is the first and the most |
| 3 |
> important thing you should consider. It aims to prevent exploits from |
| 4 |
> working, while MAC/RBAC/RSBAC fights the consequences in userspace and |
| 5 |
> does little to protect against the kernel exploits. |
| 6 |
|
| 7 |
RSBAC with PaX works with new kernels, you can patch it yourself or |
| 8 |
you can download one kernel that is already patched from |
| 9 |
http://enhanced.rsbac.org/2.6/2.6.31/. |
| 10 |
|
| 11 |
> A server without PaX is barely a better choice. |
| 12 |
|
| 13 |
The same as before, PaX runs with rsbac in new kernels |
Archives