As a Red Hat Enterprise Linux systems manager, you probably wear several hats, one of which is that of security manager. This is especially true if you work for a small company. Even if you work for a large organization with a dedicated network or systems security staff, most of the administrators are probably responsible for other operating systems. You're probably responsible for security policies on your Linux systems.
You may spend very little time thinking about Linux security, or it may turn out to be a full-time job. The level of security you choose to configure depends on many factors, including the purpose of the system and the overall security policies of your company or organization, as well as the size and number of computers in the company.
For example, a Red Hat Enterprise Linux workstation at home does not require as much security as a secure Red Hat Enterprise Linux server that is being used to process credit card orders for a Web site.
Red Hat Enterprise Linux comes with a large and varied assortment of tools for handling security. This includes tools for managing the security on individual Linux computers and tools for managing security for an entire network of systems, both Linux and otherwise. In this chapter, you'll examine some of the tools provided by RHEL for managing security. You'll start out by looking at tools for controlling access to individual Linux host systems, then you'll explore tools for securing networks, and finally, you'll examine the basics of Security Enhanced Linux (SELinux).
This chapter is focused on RHCE requirements. As described in the Red Hat Exam Prep guide, RHCEs must be able to
Configure host-based and user-based security for the service
Configure SELinux to support the service
for the network services described in the Installation and Configuration portion of the RHCE exam.
These services include HTTP/HTTPS, Samba, NFS, FTP, Web proxy, SMTP, IMAP, IMAPS, POP3, SSH, DNS, and NTP. We've described some security settings in earlier chapters. This chapter looks at several generic security tools that you can use for these services. (For a discussion of Pluggable Authentication Modules, see Chapter 6.)
|On the Job|| |
You'll need to know how to protect your computer and network. Sometimes this means you'll turn off, deactivate, or even uninstall a service. Other times, you'll set specific levels of security for different users. You can even regulate the type of traffic coming in, going out, and being transferred through your computer.