Edit and modify /etc/sysconfig/rsbac you can decide if to
MANUAL_SOFTMODE=YES takes precedence over DELAYED_SOFTMODE=YES.
Note that the kernel boots in softmode because of problems with initrd and RSBAC.
The default values in /etc/sysconfig/rsbac are DELAYED_SOFTMODE=NO and MANUAL_SOFTMODE=YES, which is the most insecure boot we can offer; otherwise you might not be able to boot at all!
The bin/ directory contains the scripts that set the RSBAC configuration. You can start all of them with:
cd scripts/bin/
./runall start
The 'start' parameter sets all the RSBAC protections; the 'stop' parameter resets to the default configuration.
Each script has a name which starts with 2 digits. Please adopt the following conventions
You can of course run each script manually, passing it the start or stop parameter.
Each script has a corresponding (same name) configuration file in the etc/ directory and (hopefully) a documentation file in the doc/ directory.
The configuration file contains at least one parameter, ENABLED, which is set to "YES" by default in most cases. (There are special scripts where it is set to "NO", so that you have to enable the script manually.) If you set it to anything else, the script will not do anything when you run it. If the configuration file does not exist, the script does nothing. If the main file(s) of the related service are not installed, the script does nothing. So if you install something new, run the appropriate scripts or, if in doubt, run all of them.
The scripts/contribute/ directory contains similar scripts, which can be alternatives to the ones in the main directories, or are for extra packages, or have yet to be tested at all.
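The gating rules above can be audited before anything is run. The following is an added example, not one of the project's scripts: a preflight report that says, for each script, whether it would act or be skipped and why. It assumes shell-style KEY="VALUE" configuration files, treats any missing service file as "not installed", and expects the caller to name those files; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight report for the ENABLED / config-file /
# service-file rules described above. Not part of the original scripts.
# Assumptions: config files hold shell-style KEY="VALUE" lines, and the
# caller supplies the service's main file(s).

# Print the ENABLED value from a config file without sourcing it, so
# auditing a config never executes its contents. Last assignment wins.
enabled_value() {
    sed -n 's/^[[:space:]]*ENABLED=\([^#]*\).*/\1/p' "$1" |
        tail -n 1 | tr -d "\"' \t\r"
}

# script_status NAME ETC_DIR [SERVICE_FILE...]
# Prints "run" or "skip: <reason>"; returns 0 only for "run".
script_status() {
    name=$1; etc_dir=$2; shift 2
    conf="$etc_dir/$name"          # config file has the script's name
    if [ ! -f "$conf" ]; then
        echo "skip: no configuration file"; return 1
    fi
    if [ "$(enabled_value "$conf")" != "YES" ]; then
        echo "skip: ENABLED is not YES"; return 1
    fi
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "skip: service file $f not installed"; return 1
        fi
    done
    echo "run"
}

# report BIN_DIR ETC_DIR: one line per two-digit-prefixed script.
report() {
    for s in "$1"/[0-9][0-9]*; do
        [ -f "$s" ] || continue
        n=$(basename "$s")
        printf '%s: %s\n' "$n" "$(script_status "$n" "$2")"
    done
}

# Stand-alone use: sh preflight.sh scripts/bin scripts/etc
if [ "$#" -ge 2 ]; then
    report "$1" "$2"
fi
```

A "skip" line means that script's protections are not applied on this host, which is worth confirming after installing a new service or editing a configuration file.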
Some advice on partitioning: it could be helpful to have the following partitions:
/
/home
/var
and optionally
/usr
/usr/local
/tmp
/boot
/opt
/misc
Otherwise it can be useful to make /tmp a soft link to /var/tmp, and /opt and /misc soft links to /usr/local.
RSBAC is in any case independent of your partitioning scheme: protections on top-level directories are applied after first checking whether each one is a soft link or a true directory.