GENERAL:

• the RSBAC protection given by these scripts is quite generic for special needs make your own configuration
• the kernel is booted in softmode for problems with initrd
• you can switch softmode off either as the first of the init.d scripts or as the last, or by hand, by changing the config in /etc/sysconfig/rsbac
• the default configuration uses File Flags to protect most top directories and the protection is inherited by all files inside them recursively
• notice that /etc is readonly by default, which means that you cannot do many things like, for example, changing passwords !!!
• also software update with rpm does not work, so you must stop any program which downloads automatically and installs rpms (like rhnd) they will miserably fail due to the fact that most directories are readonly
• ALL MAINTENANCE SHOULD BE DONE ACTIVATING BY HAND SOFTMODE as secoff then doing as root upgrades, installations, changes of passwords etc. (you'll have tons of messages in the logs of violations in SoftMode, which means that the command has been executed but it violated some RSBAC rules) at the end of your maintenance, as secoff switch off softmode again; it is better to re-run these scripts to update any modified configurations (usually running './runall start' is safe, there should not be need to first stop and then start again)
• to switch softmode on/off (1/0) use as secoff the command switch_module SOFTMODE 1 (or switch_module SOFTMODE 0)