I want to start deploying rbac on already hardened servers, starting
with a server that handles only a few services to "see what happens".
I recompiled the kernel enabling rbac and I'm now ready to reboot.
But... will the default policy break my services until I come up with a
working policy, or at least until I start learning mode manually? Or is
the default policy liberal enough that it is more or less equivalent to
an "allow all" policy?
I'm still learning the syntax and semantics of the policy language so I
don't fully trust my own judgement at this point. ;)
Thanks in advance.
with a server that handles only a few services to "see what happens".
I recompiled the kernel enabling rbac and I'm now ready to reboot.
But... will the default policy break my services until I come up with a
working policy, or at least until I start learning mode manually? Or is
the default policy liberal enough that it is more or less equivalent to
an "allow all" policy?
I'm still learning the syntax and semantics of the policy language so I
don't fully trust my own judgement at this point. ;)
Thanks in advance.