Command-line tool to manage the ABAC Linux security module.
- Install dependencies (python3, pip and setuptools)

  ```sh
  # On Debian
  sudo apt install python3-pip
  pip install setuptools
  # On Fedora
  sudo dnf install python3-pip python3-wheel
  pip install setuptools
  # For other distributions, please refer to your distribution's manual/documentation
  ```

- Run the installation script (requires root privileges)

  ```sh
  chmod +x install.sh
  su
  ./install.sh
  ```

- Verify that the `abac` command is available

  ```sh
  which abac
  ```

- Verify that the systemd services are up and running

  ```sh
  systemctl status abac.service
  systemctl status abac_env.service
  systemctl status abac_watch.service
  ```

Currently, a shared directory with appropriate permissions is created at `/home/secured/`. Only files in this directory are protected by ABAC LSM.

The `abac` CLI tool contains all the tools required for managing attributes and policies.
The CLI tool can be invoked using the `abac` command followed by specific commands such as `user`, `obj` etc.

The main functions of the tool are explained below:

- `abac obj` - Manage object attributes. The available functions are `add, list, change, delete`.
- `abac user` - Add, remove and manage users and their attributes. The available functions are `add, list, delete, manage`.
- `abac policy` - Manage the ABAC policy. The available functions are `add, list, delete`.
- `abac avp` - Add available attribute value pairs for objects and users. The available functions are `add, list, delete, modify`.
- `abac load` - Load the abac attributes and policy into the kernel.
- `abac server` - Start the ABAC attribute server. This is automatically done by the systemd service.
- `abac init` - Initialize the abac config directory. This is automatically done during installation.

For each of the above subcommands, passing the flag `--help` prints the required help.

None of the above subcommands, except `abac obj`, are available to normal users.