Castle is a server distribution from the ALT Linux Team in Russia.
Version: 2.4Castle is a server distribution from the ALT Linux Team in Russia. Installation instructions and some other documentation is available in English.
Operating System: Linux
Brief RSBAC instructions:
1. During installation process you will have to create security officer account. This is a user that can setup RSBAC security configuration.
2. Installer applies to RSBAC kernel two special parameters "rsbac_auth_enable_login" and "rsbac_softmode". Please, don't remove it. You need it for correct installation process.
3. Run RSBAC kernel just after system installation.
4. After reboot RSBAC will function in normal mode. If you need 'soft' mode again, use 'rsbac_softmode' kernel parameter during boot.
5. After finishing system configuration please reboot your server.
6. RSBAC will work in normal mode at all future startups of the system. You can boot RSBAC kernel in "soft" mode again using "rsbac_softmode" kernel parameter.
7. Login as security officer you have created during installation process and run main RSBAC configuration utility "rsbac_admin".
Default security configuration:
- All system directories are in "read only" and "execute only" mode.
- Base system configuration files (e.g /etc/lilo.conf /etc/fstab) are also in read only mode.
- Home directory is available only for users and security officer (but he has no access to user's home directories).Security Officer's home is situated in the root directory (/secoff) and is open only for the owner. You can also create trusted environment for security officer by putting special files into the home.
- There are some useful scripts in security officer's home: to enable/disable useradd, to enable/disable install and an example script for http protection.