Installation guide

Chapter 8. Controlling Access to Services
Maintaining security on your Red Hat Linux system is extremely important. One way to
manage security on your system is to carefully manage access to system services. Your
system may need to provide open access to particular services (for example, httpd if you are
running a Web server). However, if you do not need to provide a service, you should turn it
off — this will minimize your exposure to possible bug exploits.
There are several different methods for managing access to system services. You must decide
which method you would like to use based on the service, your system’s configuration, and
your level of Linux expertise.
The easiest way to deny access to a service is to simply turn it off. Both the services
managed by xinetd (which we will talk about more later in this section) and the services in the
/etc/rc.d hierarchy can be configured to start or stop using three different applications:
serviceconf — a graphical application that displays a description of each service, displays
whether each service is started at boot time (for runlevels 3, 4, and 5), and allows you to
start, stop, and restart each service.
ntsysv — a text-based application that allows you to configure which services are started
at boot time for each runlevel. Changes do not take effect immediately. Services cannot be
started, stopped, or restarted using this program.
chkconfig — a command-line utility that allows you to turn services on and off for the
different runlevels. Changes do not take effect immediately for non-xinetd services.
Non-xinetd services cannot be started, stopped, or restarted using this utility.
You may find that these tools are easier to use than the alternatives — editing the numerous
symbolic links located in the directories below /etc/rc.d by hand or editing the xinetd
configuration files in /etc/xinetd.d.
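As an added example (not from the Red Hat guide), the following POSIX shell functions audit which services will start in the multi-user runlevels (3, 4 and 5) or are enabled under xinetd, and report those not on an allowlist so they can be reviewed and turned off with chkconfig. The input is a constructed sample in the shape `chkconfig --list` prints; the allowlist argument is an assumption of this script.

```shell
# Constructed sample of `chkconfig --list` output (SysV services, then xinetd section).
SAMPLE_LIST='httpd           0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
lpd             0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd based services:
        finger: off
        telnet: on
        sgi_fam: on'

# enabled_services: read chkconfig --list output on stdin, print one enabled
# service name per line.  SysV entries count as enabled when "on" in runlevel
# 3, 4 or 5; xinetd entries count when the line reads "name: on".
enabled_services() {
    awk '
        /^xinetd based services:/ { xinetd = 1; next }
        xinetd { sub(":", "", $1); if ($2 == "on") print $1; next }
        {
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if ((kv[1] == "3" || kv[1] == "4" || kv[1] == "5") && kv[2] == "on") {
                    print $1; break
                }
            }
        }'
}

# unexpected_services ALLOWLIST: print enabled services that are not in the
# space-separated allowlist of services this host is meant to expose.
unexpected_services() {
    allow=" $1 "
    enabled_services | while read -r svc; do
        case "$allow" in
            *" $svc "*) ;;                 # expected, keep it
            *) printf '%s\n' "$svc" ;;     # candidate to turn off
        esac
    done
}

# Example run: only sshd and httpd are supposed to be reachable on this host.
printf '%s\n' "$SAMPLE_LIST" | unexpected_services "sshd httpd"
```

On a real system pipe `chkconfig --list` into `unexpected_services` instead of the sample; each reported name can then be disabled with `chkconfig <name> off` (xinetd services change immediately, SysV services also need `service <name> stop`).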
Another way to manage access to system services is by using iptables to configure an
IP firewall. If you are a new Linux user, please realize that iptables may not be the best
solution for you. Setting up iptables can be complicated and is best tackled by experienced
UNIX/Linux system administrators.
On the other hand, the benefit of using iptables is flexibility. For example, if you need a
customized solution which provides certain hosts access to certain services, iptables can
provide it for you. See the Official Red Hat Linux Reference Guide for more information about
iptables.
Alternatively, if you are looking for a utility which will set general access rules for your
home machine, and/or if you are new to Linux, you should try the GNOME Lokkit utility.
GNOME Lokkit is a GUI utility which will ask you questions about how you want to use
your machine. Based on your answers, it will then configure a simple firewall for you. Refer
to Chapter 7 for more information.
8.1. Runlevels
Before you can configure access to services, you must understand Linux runlevels.
A runlevel is a state, or mode, that is defined by the services listed in the directory
/etc/rc.d/rcx.d, where x is the number of the runlevel.
Red Hat Linux uses the following runlevels: