GENERAL:

- the RSBAC protection given by these scripts is quite generic
  for special needs make your own configuration

- the kernel is booted in softmode for problems with initrd

- you can switch softmode off either as the first of the init.d scripts
  or as the last, or by hand, by changing the config in /etc/sysconfig/rsbac
  
- the default configuration uses File Flags to protect most top directories
  and the protection is inherited by all files inside them recursively

- notice that /etc is readonly by default, which means that you cannot
  do many things like, for example, changing passwords !!!

- also software update with rpm does not work, so you must stop any
  program which downloads automatically and installs rpms (like rhnd)
  they will miserably fail due to the fact that most directories are readonly

- ALL MAINTENANCE SHOULD BE DONE ACTIVATING BY HAND SOFTMODE as secoff
  then doing as root upgrades, installations, changes of passwords etc. 
  (you'll have tons of messages in the logs of violations in SoftMode, 
  which means that the command has been executed but it violated some RSBAC 
  rules) at the end of your maintenance, as secoff switch off softmode
  again; it is better to re-run these scripts to update any modified
  configurations (usually running './runall start' is safe, there should not
  be need to first stop and then start again)

- to switch softmode on/off (1/0) use as secoff the command
            switch_module SOFTMODE 1   (or   switch_module SOFTMODE 0)