Control Access to Services
Published by: api-3736383 on Oct 15, 2008
Copyright: Attribution Non-commercial
Red Hat Enterprise Linux 4: System Administration Guide
Chapter 12. Controlling Access to Services

Maintaining security on your system is extremely important, and one
approach for this task is to manage access to system services carefully.
Your system may need to provide open access to particular services (for
example, httpd if you are running a Web server). However, if you do not
need to provide a service, you should turn it off to minimize your exposure
to possible bug exploits.

There are several different methods for managing access to system
services. Decide which method of management to use based on the
service, your system's configuration, and your level of Linux expertise.

The easiest way to deny access to a service is to turn it off. Both the
services managed by xinetd and the services in the /etc/rc.d/init.d
hierarchy (also known as SysV services) can be configured to start or stop
using three different applications:

Services Configuration Tool — a graphical application that displays a
description of each service, displays whether each service is started at
boot time (for runlevels 3, 4, and 5), and allows services to be started,
stopped, and restarted.

ntsysv — a text-based application that allows you to configure which
services are started at boot time for each runlevel. Non-xinetd
services can not be started, stopped, or restarted using this

chkconfig — a command line utility that allows you to turn services
on and off for the different runlevels. Non-xinetd services can not be
started, stopped, or restarted using this utility.

You may find that these tools are easier to use than the alternatives —
editing the numerous symbolic links located in the directories below
/etc/rc.d by hand or editing the xinetd configuration files in
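As an added example (not part of the Red Hat guide), the following POSIX shell script reads the S<nn><name> symlinks of a constructed /etc/rc.d-style tree to list which SysV services are enabled at boot in a given runlevel, and which of them are absent from an allow-list; the directory layout, service names and allow-list are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): audit which SysV services are
# enabled at boot in a runlevel by reading the S<nn><name> symlinks that
# chkconfig and ntsysv maintain under /etc/rc.d/rc<x>.d. Assumes the usual
# layout: an S link starts the service, a K link stops it, <nn> is the order.

# Print, one per line and sorted, every service with an S link in runlevel $2
# below the rc.d directory $1. Returns 1 if that runlevel directory is missing.
enabled_services() {
    rcd="$1/rc$2.d"
    [ -d "$rcd" ] || return 1
    for link in "$rcd"/S[0-9][0-9]*; do
        [ -L "$link" ] || continue          # skip an unexpanded glob or plain files
        name=$(basename "$link")
        echo "${name#S[0-9][0-9]}"          # strip the S and two-digit order prefix
    done | sort
}

# Print the services enabled in runlevel $2 that are NOT listed in the
# allow-list file $3 (one name per line): the candidates to turn off.
unexpected_services() {
    enabled_services "$1" "$2" | while read -r svc; do
        grep -qx "$svc" "$3" || echo "$svc"
    done
}

# Build a constructed rc.d tree in a temp dir so the demo runs without root
# and without touching the real /etc/rc.d. Prints the tree's path.
demo_tree() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/init.d" "$tmp/rc3.d" "$tmp/rc5.d"
    for s in sshd httpd sendmail cupsd; do : > "$tmp/init.d/$s"; done
    ln -s ../init.d/sshd     "$tmp/rc3.d/S55sshd"
    ln -s ../init.d/sendmail "$tmp/rc3.d/S80sendmail"
    ln -s ../init.d/httpd    "$tmp/rc3.d/S85httpd"
    ln -s ../init.d/cupsd    "$tmp/rc3.d/K10cupsd"     # stopped in runlevel 3
    ln -s ../init.d/sshd     "$tmp/rc5.d/S55sshd"
    ln -s ../init.d/cupsd    "$tmp/rc5.d/S56cupsd"
    echo "$tmp"
}

# Demo: services enabled in runlevel 3 of the constructed tree
# (prints httpd, sendmail, sshd), then the ones missing from an allow-list.
tree=$(demo_tree)
enabled_services "$tree" 3
printf 'sshd\nhttpd\n' > "$tree/allowed"
unexpected_services "$tree" 3 "$tree/allowed"     # prints sendmail
rm -rf "$tree"
```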
Another way to manage access to system services is by using iptables to
configure an IP firewall. If you are a new Linux user, please realize that
iptables may not be the best solution for you. Setting up iptables can be
complicated and is best tackled by experienced Linux system

On the other hand, the benefit of using iptables is flexibility. For example, if
you need a customized solution which provides certain hosts access to
certain services, iptables can provide it for you. Refer to the Red Hat
Enterprise Linux Reference Guide and the Red Hat Enterprise Linux
Security Guide for more information about iptables.

Alternatively, if you are looking for a utility to set general access rules for
your home machine, and/or if you are new to Linux, try the Security Level
Configuration Tool (system-config-securitylevel), which allows you to
select the security level for your system, similar to the Firewall
Configuration screen in the installation program.

Refer to Chapter 11 Basic Firewall Configuration for more information. If you
need more specific firewall rules, refer to the iptables chapter in the Red
Hat Enterprise Linux Reference Guide.

12.1. Runlevels

Before you can configure access to services, you must understand Linux
runlevels. A runlevel is a state, or mode, that is defined by the services
listed in the directory /etc/rc.d/rc<x>.d, where <x> is the number of the
runlevel.

The following runlevels exist:
0 — Halt
1 — Single-user mode
2 — Not used (user-definable)
3 — Full multi-user mode
4 — Not used (user-definable)
5 — Full multi-user mode (with an X-based login screen)
6 — Reboot

If you use a text login screen, you are operating in runlevel 3. If you
use a graphical login screen, you are operating in runlevel 5.

The default runlevel can be changed by modifying the /etc/inittab
file, which contains a line near the top of the file similar to the

Change the number in this line to the desired runlevel. The change
does not take effect until you reboot the system.

To change the runlevel immediately, use the command telinit
followed by the runlevel number. You must be root to use this
command. The telinit command does not change the /etc/inittab
file; it only changes the runlevel currently running. When the system is
rebooted, it continues to boot the runlevel as specified in

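As an added example (not from the guide), this POSIX shell script reads the default runlevel from an inittab-format file and reports whether it is a sensible default, using the runlevel meanings listed above; it assumes the standard SysV entry form id:<n>:initdefault: and works on a constructed sample file, not the real /etc/inittab.

```shell
#!/bin/sh
# Added example (not from the Red Hat guide): read the default runlevel from
# an inittab-format file and sanity-check it. Assumes the SysV entry form
# "id:<n>:initdefault:"; the sample file below is constructed for the demo.

# Print the runlevel from the first non-comment initdefault entry in file $1.
# Returns 1 if there is no such entry or the level is not a single digit 0-6.
default_runlevel() {
    lvl=$(grep -v '^[[:space:]]*#' "$1" | grep ':initdefault:' | head -n 1 | cut -d: -f2)
    case "$lvl" in
        [0-6]) echo "$lvl" ;;
        *)     return 1 ;;
    esac
}

# Classify a default runlevel using the meanings listed in the guide.
# 0 and 6 are reported as unsafe: a machine that defaults to halt or reboot
# never reaches a login prompt.
check_runlevel() {
    case "$1" in
        3)   echo "ok: full multi-user mode (text login)" ;;
        5)   echo "ok: full multi-user mode (X-based login screen)" ;;
        1)   echo "warning: single-user mode is the default" ;;
        2|4) echo "warning: runlevel $1 is user-definable; review /etc/rc.d/rc$1.d" ;;
        0|6) echo "UNSAFE: runlevel $1 would halt or reboot the system at boot" ;;
        *)   echo "error: '$1' is not a runlevel"; return 1 ;;
    esac
}

# Write a constructed sample inittab to a temp file and print its path.
sample_inittab() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Constructed sample, not a real /etc/inittab.
#id:0:initdefault:   <- commented-out entry must be ignored
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l5:5:wait:/etc/rc.d/rc 5
EOF
    echo "$f"
}

# Demo: report the default runlevel of the sample file (prints the "ok" line for 5).
f=$(sample_inittab)
lvl=$(default_runlevel "$f") && check_runlevel "$lvl"
rm -f "$f"
```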
12.2. TCP Wrappers
Many UNIX system administrators are accustomed to using TCP wrappers
to manage access to certain network services. Any network services
