Chapter 21: Controlling Access to Services


Overview

Maintaining security on your Red Hat Linux system is extremely important. One way to manage security on your system is to carefully manage access to system services. Your system may need to provide open access to particular services (for example, httpd if you are running a Web server). However, if you do not need to provide a service, you should turn it off — this will minimize your exposure to possible bug exploits.

There are several different methods for managing access to system services. You must decide which method you would like to use based on the service, your system’s configuration, and your level of Linux expertise. The easiest way to deny access to a service is to simply turn it off. Both the services managed by xinetd (which we will talk about more later in this chapter) and the services in the /etc/rc.d hierarchy can be configured to start or stop using three different applications:

  • Services Configuration Tool — a graphical application that displays a description of each service, displays whether each service is started at boot time (for runlevels 3, 4, and 5), and allows you to start, stop, and restart each service.

  • ntsysv — a text-based application that allows you to configure which services are started at boot time for each runlevel. Changes do not take effect immediately. Services cannot be started, stopped, or restarted using this program.

  • chkconfig — a command-line utility that allows you to turn services on and off for the different runlevels. Changes do not take effect immediately for non-xinetd services. Non-xinetd services cannot be started, stopped, or restarted using this utility.

You may find that these tools are easier to use than the alternatives — editing the numerous symbolic links located in the directories below /etc/rc.d manually or editing the xinetd configuration files in /etc/xinetd.d.
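As an added example (not part of the original guide), the shell functions below parse `chkconfig --list` output and report services that are enabled for a runlevel but missing from an allowlist. The sample output, the allowlist, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag services that `chkconfig --list` reports as enabled
# but that are not on an allowlist of services you intend to run.

# Constructed sample in the format printed by `chkconfig --list`.
sample_chkconfig_list() {
cat <<'EOF'
httpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        telnet: on
        rsync:  off
EOF
}

# enabled_services RUNLEVEL: read `chkconfig --list` output on stdin and print
# one enabled service per line. xinetd-managed services have no runlevels, so
# they are reported whenever they are "on", with an "xinetd/" prefix.
enabled_services() {
    awk -v rl="$1" '
        /^xinetd based services:/ { in_xinetd = 1; next }
        in_xinetd && NF == 2 && $2 == "on" { sub(/:$/, "", $1); print "xinetd/" $1; next }
        !in_xinetd { for (i = 2; i <= NF; i++) if ($i == rl ":on") print $1 }
    '
}

# unexpected_services RUNLEVEL ALLOWLIST: print enabled services (from stdin)
# that are not in the space-separated ALLOWLIST (hypothetical policy input).
unexpected_services() {
    enabled_services "$1" | while read -r svc; do
        case " $2 " in
            *" $svc "*) ;;           # expected service, nothing to report
            *) echo "$svc" ;;        # enabled but not on the allowlist
        esac
    done
}

# On a live system: chkconfig --list | unexpected_services 3 "sshd httpd xinetd"
```

Anything this prints is a candidate for being turned off with one of the three tools above.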

Another way to manage access to system services is by using iptables to configure an IP firewall. If you are a new Linux user, please realize that iptables may not be the best solution for you. Setting up iptables can be complicated and is best tackled by experienced UNIX/Linux system administrators. On the other hand, the benefit of using iptables is flexibility. For example, if you need a customized solution that provides certain hosts access to certain services, iptables can provide it for you.

Alternatively, if you are looking for a utility that will set general access rules for your home machine, and/or if you are new to Linux, you should try the GNOME Lokkit utility. GNOME Lokkit is a GUI utility that will ask you questions about how you want to use your machine. Based on your answers, it will then configure a simple firewall for you. Refer to Chapter 22 for more information. You can also use the Services Configuration Tool (redhat-config-servicelevel). It allows you to select the security level for your system, similar to the Service Level screen in the Red Hat Linux installation program.




Official Red Hat Linux Administrator's Guide
ISBN: 0764516957
EAN: 2147483647
Year: 2002
Pages: 278
Authors: Red Hat Inc
