The following are some of the key points from the certification objectives in Chapter 15.
❑ | Red Hat Enterprise Linux comes with a package known as tcp_wrappers. This package, which is enabled by default, allows you to limit access to various services. |
❑ | You configure the access rules for tcp_wrappers through the /etc/hosts.allow and /etc/hosts.deny configuration files. |
❑ | Clients listed in /etc/hosts.allow are allowed access; clients listed in /etc/hosts.deny are denied access. |
❑ | Services can also be configured in /etc/hosts.allow and /etc/hosts.deny. Remember to use the actual executable name of the daemon, normally in /usr/sbin, such as in.tftpd. |
❑ | Firewalls can secure an internal network as a packet filter that controls the information that comes in, goes out, and is forwarded through the internal network. |
❑ | The current firewall configuration utility is iptables. |
❑ | The iptables directives are sets of rules, chained together, that are compared and then applied to each network packet. |
❑ | Each rule sets conditions required to match the rule and then specifies the action taken if the packet matches the rule. |
❑ | Use the service iptables save command to save any chains that you configure in the /etc/sysconfig/iptables configuration file. |
❑ | NAT modifies the header in packets coming from a LAN. It replaces the source address with the public address of the firewall computer, with a random port number. |
❑ | Linux supports a variation of NAT called IP masquerading. |
❑ | IP masquerading allows you to provide Internet access to multiple computers with a single officially assigned IP address. |
❑ | To enable IP forwarding immediately, type the echo 1 > /proc/sys/net/ipv4/ip_forward command. To enable it upon reboot, set net.ipv4.ip_forward = 0 in /etc/sysctl.conf. |
❑ | Security Enhanced Linux (SELinux) provides a different level of security. Basic settings are shown in the /etc/sysconfig/selinux file. |
❑ | If you're just experimenting with SELinux, configure it in permissive mode. |
❑ | SELinux is relatively easy to configure with the SELinux Management Tool. |
❑ | Any changes you make with the SELinux Management Tool are reflected in boolean settings in the /selinux/booleans/ directory. |
❑ | The Setroubleshoot Browser can help you decipher related errors. |