As a Red Hat Enterprise Linux systems manager, you probably wear several hats, one of which is security manager. This is especially true if you work for a small company. Even if you work for a large organization that has a dedicated network or systems security staff, most of the administrators are probably responsible for other operating systems. You're probably responsible for security policies on your Linux systems.
You may spend very little time thinking about Linux security, or it may turn out to be a full-time job. The level of security you choose to configure depends on many factors, including the purpose of the system and the overall security policies of your company or organization, as well as the size and number of computers in the company.
For example, a Red Hat Enterprise Linux workstation at home does not require as much security as a secure Red Hat Enterprise Linux server that is being used to process credit card orders for a Web site.
Red Hat Enterprise Linux comes with a large and varied assortment of tools for handling security. This includes tools for managing the security on individual Linux computers and tools for managing security for an entire network of systems, both Linux and otherwise. In this chapter, we look at some of the tools provided by RHEL 3 for managing security. We start out by looking at tools for controlling access to individual Linux host systems, then we look at tools for securing networks.
On The Job
You'll need to know how to protect your computer and network. Sometimes this means you'll turn off, deactivate, or even uninstall a service. Other times, you'll set specific levels of security for different users. You can even regulate the type of traffic coming in, going out, and being transferred through your computer.
You have different ways to secure your system and network. The Network Information System (NIS) and the Lightweight Directory Access Protocol (LDAP) can provide a common database of authentication and configuration files for your network. The PAM (Pluggable Authentication Module) system lets you configure how users are allowed to log in or access different services. System logging often provides the clues that you need to solve a lot of problems. The Extended Internet Services Daemon (xinetd) governs a lot of services that do not have their own individual daemons. IP aliases allow you to set up more than one IP address on a specific network card. With iptables, you can set up firewalls to accept or block many different kinds of network traffic. Network Address Translation allows you to protect computers inside your network by hiding their address information.
Systems Administration and Security
RHCT candidates need to know how to configure a client for directory services such as NIS and LDAP. They will also want to read the System Logging section to learn how to troubleshoot a number of basic problems. However, most of this chapter is focused on RHCE requirements. While not part of the Red Hat Exam Prep guide, NIS servers are included in the RHCE prep course outline, RH300.
With respect to the RHCE exam, focus on security. Remember to remove unneeded services to minimize the ways crackers can break into your system. Learn the PAM system, and how it allows you to customize security for different services and utilities, even by user. Understand how to implement tcp_wrappers to secure xinetd services. Learn the iptables command in detail. Practice with this command. Experiment with the results from remote clients.