Certification Objective 10.02: Basic Host Security




A network is only as secure as the most open system in that network. Although no system can be 100 percent secure, you can follow certain basic host measures to enhance the security on any given system and, consequently, your network. When devising security measures, you have to plan for two types of security violations: user accidents and break-ins.

Accidents happen because users lack adequate training or are unwilling to follow procedures. If security is too burdensome, productivity may suffer, and your users will try to get around your rules. Password security falls into this category.

Crackers who break into your system have different goals. Some may be looking for secrets such as credit card information. Others may just want to bring down your system. You can do several things to keep your network secure. Monitor Red Hat errata for the latest issues. With the up2date tool, you can keep your Red Hat system updated with the latest packages.

As you'll see later in this chapter, you can manage your computer's response to certain requests through the /etc/hosts.allow and /etc/hosts.deny files. You can set up protection within the kernel through firewalls based on iptables or ipchains. One simple way to promote security is to uninstall as many network access programs as possible.

Exam Watch 

While this section does not directly relate to Red Hat exam requirements, it is fundamental to the way you secure your system and network. I believe that anyone who wants to be an RHCE should be already following the principles described in this section.

Password Security

Good password security is important. Good passwords include a combination of letters, numbers, and even punctuation that isn't easily guessed. Good password security requires users to change their password on a regular basis.

Exam Watch 

On the Red Hat exams, follow the instructions carefully for any users and passwords. You do want to make sure that the person grading your exam can get into your accounts!

Password security also means disabling or deleting unused accounts. These accounts are a common way for a cracker to try to break into your system.

You can also check system log files for suspicious activity. Login records are kept in a database in /var/log/wtmp. While you can't read this file directly, you can use the utmpdump command to make this file readable. For example, the utmpdump /var/log/wtmp command lists recent login activity. Take a look at Figure 10-2. Note the login from IP address 172.132.4.8. If you don't have any users from a computer with that IP address, you have a reason for concern.

Figure 10-2: Suspicious login activity
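
The check described above can be scripted. The following is an added example, not part of the original book: it filters utmpdump output for login records (type 7) whose source address is not on a list you supply. The function names, the allow-list addresses, and the sample records are assumptions constructed for illustration, and the bracketed column layout may differ between utmpdump versions.

```shell
#!/bin/sh
# Constructed sample in the bracketed layout utmpdump prints:
# [type] [pid] [id] [user] [line] [host] [address] [time]. Not real log data.
sample_wtmp() {
cat <<'EOF'
[2] [00000] [~~  ] [reboot  ] [~           ] [2.4.21-4.EL         ] [0.0.0.0        ] [Mon Oct 06 08:01:12 2003 EDT]
[7] [02211] [1   ] [michael ] [tty1        ] [                    ] [0.0.0.0        ] [Mon Oct 06 08:03:40 2003 EDT]
[7] [02390] [ts/0] [donna   ] [pts/0       ] [192.168.0.20        ] [192.168.0.20   ] [Mon Oct 06 09:15:02 2003 EDT]
[7] [02761] [ts/2] [nancy   ] [pts/2       ] [172.132.4.8         ] [172.132.4.8    ] [Mon Oct 06 11:47:19 2003 EDT]
[8] [02761] [ts/2] [        ] [pts/2       ] [                    ] [0.0.0.0        ] [Mon Oct 06 11:52:03 2003 EDT]
EOF
}

# Reads utmpdump text on stdin.
# $1: space-separated list of addresses you expect remote logins from.
# Prints "user line address time" for every login from any other address.
flag_unexpected_logins() {
    allowed="$1"
    # Turn "[a] [b] [c]" into "a|b|c" so awk can split on a single character.
    sed -e 's/^\[//' -e 's/] *$//' -e 's/] \[/|/g' |
    awk -F'|' -v allowed="$allowed" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            # Strip the padding utmpdump adds inside each bracket.
            for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i)
            # Type 7 is USER_PROCESS (a login); skip boots, logouts, etc.
            if ($1 != "7") next
            # 0.0.0.0 means a local console login with no remote peer.
            if ($7 == "0.0.0.0" || ($7 in ok)) next
            print $4, $5, $7, $8
        }'
}

# Demo on the constructed sample. On a live system, feed it real data:
#   utmpdump /var/log/wtmp | flag_unexpected_logins "192.168.0.20 192.168.0.31"
sample_wtmp | flag_unexpected_logins "192.168.0.20 192.168.0.31"
```

Only the record from 172.132.4.8 is reported, because the console login and the login from an allowed address are filtered out.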

Security Updates

Another step you can take to keep your RHEL 3 system secure is to install the latest errata releases from Red Hat. These contain patches or fixes for problems in applications or the operating system that could result in security violations. A list of the latest errata is available as of this writing at www.redhat.com/apps/support/errata.

Red Hat provides a built-in service to check for updates called up2date that you can configure if your computer is directly connected to the Internet. Just run up2date from a command line in the X Window of your choice. If you haven't already done so, you'll need to register the settings on your computer. Then follow the prompts; up2date connects to rhn.redhat.com for updates. With Red Hat Enterprise Linux 3, this assumes you've already configured your system for updates through rhn.redhat.com.

Delete Extra Services

One simple way to promote security on your system is to delete the packages associated with network services that you aren't going to use. For example, a cracker can't use Samba to break into your system if the Windows File Server package group is not installed. Even with a firewall or other configuration protecting a service, you are still theoretically vulnerable to an attack through that service. If you're not going to use a network service, you may want to remove the associated RPM packages.

To review currently installed network services, check the /etc/xinetd.d and /etc/rc.d/init.d directories.






RHCE Red Hat Certified Engineer Linux Study Guide Exam (RH302)
ISBN: 71765654
EAN: N/A
Year: 2003
Pages: 194
