Two-Minute Drill


The following are some of the key points from the certification objectives in Chapter 15.

Using tcp_wrappers to Secure Services

  

Red Hat Enterprise Linux comes with a package known as tcp_wrappers. This package, which is enabled by default, allows you to limit access to various services.

  

You configure the access rules for tcp_wrappers through the /etc/hosts.allow and /etc/hosts.deny configuration files.

  

Clients listed in /etc/hosts.allow are allowed access; clients listed in /etc/hosts.deny are denied access.

  

Services can also be configured in /etc/hosts.allow and /etc/hosts.deny. Remember to use the actual executable name of the daemon, normally in /usr/sbin, such as in.tftpd.

Firewalls and Packet Filtering Using netfilter

  

Firewalls can secure an internal network as a packet filter that controls the information that comes in, goes out, and is forwarded through the internal network.

  

The current firewall configuration utility is iptables.

  

The iptables directives are sets of rules, chained together, that are compared and then applied to each network packet.

  

Each rule sets conditions required to match the rule and then specifies the action taken if the packet matches the rule.

  

Use the service iptables save command to save the chains that you have configured to the /etc/sysconfig/iptables configuration file.

Network Address Translation

  

NAT modifies the header in packets coming from a LAN. It replaces the source address with the public address of the firewall computer, with a random port number.

  

Linux supports a variation of NAT called IP masquerading.

  

IP masquerading allows you to provide Internet access to multiple computers with a single officially assigned IP address.

  

To enable IP forwarding immediately, type the echo 1 > /proc/sys/net/ipv4/ip_forward command. To enable it upon reboot, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
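
The runtime flag in /proc and the persistent value in /etc/sysctl.conf are set separately, so a gateway can forward packets now and stop after a reboot, or the reverse. The following check is an added example, not part of the original study guide; the function names and the --check switch are hypothetical, and it assumes the dotted key form net.ipv4.ip_forward.

```shell
#!/bin/sh
# Added example: compare the runtime IP forwarding flag with the persistent
# setting. File paths are parameters so the functions can be run against
# copies of the real files. Function names are hypothetical.

# Print the last net.ipv4.ip_forward value assigned in a sysctl.conf-style
# file (later lines override earlier ones). Lines starting with # or ; are
# comments. Prints "unset" if the key is absent or the file is unreadable.
persistent_ip_forward() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" {
            val = $2; gsub(/[ \t]/, "", val); last = val
        }
        END { if (last != "") print last }' "$conf")
    echo "${value:-unset}"
}

# Classify the combination of runtime and persistent settings.
ip_forward_state() {
    runtime_file=$1   # normally /proc/sys/net/ipv4/ip_forward
    conf_file=$2      # normally /etc/sysctl.conf
    if [ -r "$runtime_file" ]; then
        runtime=$(cat "$runtime_file")
    else
        runtime=unknown
    fi
    persistent=$(persistent_ip_forward "$conf_file")
    case "$runtime/$persistent" in
        1/1) echo "enabled-now-and-after-reboot" ;;
        1/*) echo "enabled-now-lost-on-reboot" ;;
        0/1) echo "disabled-now-enabled-after-reboot" ;;
        0/*) echo "disabled" ;;
        *)   echo "unknown" ;;
    esac
}

# Report on the live system only when asked to.
if [ "${1:-}" = "--check" ]; then
    ip_forward_state /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
fi
```

On a host that is not meant to route, any result other than "disabled" is worth investigating.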

Security Enhanced Linux

  

Security Enhanced Linux (SELinux) provides a different level of security. Basic settings are shown in the /etc/sysconfig/selinux file.

  

If you're just experimenting with SELinux, configure it in permissive mode.

  

SELinux is relatively easy to configure with the SELinux Management Tool.

  

Any changes you make with the SELinux Management Tool are reflected in boolean settings in the /selinux/booleans/ directory.

  

The Setroubleshoot Browser can help you decipher related errors.



RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302)
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2004
Pages: 227
Authors: Michael Jang
