Part II. Configuring Red Hat Enterprise Linux for Security

This part informs and instructs administrators on proper techniques and tools to use when securing Red Hat Enterprise Linux workstations, Red Hat Enterprise Linux servers, and network resources. It also discusses how to make secure connections, lock down ports and services, and implement active filtering to prevent network intrusion.

Table of Contents

3. Security Updates
3.1. Updating Packages
3.1.1. Using Red Hat Network
3.1.2. Using the Red Hat Errata Website
3.1.3. Verifying Signed Packages
3.1.4. Installing Signed Packages
3.1.5. Applying the Changes
4. Workstation Security
4.1. Evaluating Workstation Security
4.2. BIOS and Boot Loader Security
4.2.1. BIOS Passwords
4.2.2. Boot Loader Passwords
4.3. Password Security
4.3.1. Creating Strong Passwords
4.3.2. Creating User Passwords Within an Organization
4.4. Administrative Controls
4.4.1. Allowing Root Access
4.4.2. Disallowing Root Access
4.4.3. Limiting Root Access
4.5. Available Network Services
4.5.1. Risks To Services
4.5.2. Identifying and Configuring Services
4.5.3. Insecure Services
4.6. Personal Firewalls
4.7. Security Enhanced Communication Tools
5. Server Security
5.1. Securing Services With TCP Wrappers and xinetd
5.1.1. Enhancing Security With TCP Wrappers
5.1.2. Enhancing Security With xinetd
5.2. Securing Portmap
5.2.1. Protect portmap With TCP Wrappers
5.2.2. Protect portmap With IPTables
5.3. Securing NIS
5.3.1. Carefully Plan the Network
5.3.2. Use a Password-like NIS Domain Name and Hostname
5.3.3. Edit the /var/yp/securenets File
5.3.4. Assign Static Ports and Use IPTables Rules
5.3.5. Use Kerberos Authentication
5.4. Securing NFS
5.4.1. Carefully Plan the Network
5.4.2. Beware of Syntax Errors
5.4.3. Do Not Use the no_root_squash Option
5.5. Securing the Apache HTTP Server
5.5.1. FollowSymLinks
5.5.2. The Indexes Directive
5.5.3. The UserDir Directive
5.5.4. Do Not Remove the IncludesNoExec Directive
5.5.5. Restrict Permissions for Executable Directories
5.6. Securing FTP
5.6.1. FTP Greeting Banner
5.6.2. Anonymous Access
5.6.3. User Accounts
5.6.4. Use TCP Wrappers To Control Access
5.7. Securing Sendmail
5.7.1. Limiting a Denial of Service Attack
5.7.2. NFS and Sendmail
5.7.3. Mail-only Users
5.8. Verifying Which Ports Are Listening
6. Virtual Private Networks
6.1. VPNs and Red Hat Enterprise Linux
6.2. IPsec
6.3. IPsec Installation
6.4. IPsec Host-to-Host Configuration
6.5. IPsec Network-to-Network Configuration
7. Firewalls
7.1. Netfilter and iptables
7.1.1. iptables Overview
7.2. Using iptables
7.2.1. Basic Firewall Policies
7.2.2. Saving and Restoring iptables Rules
7.3. Common iptables Filtering
7.4. FORWARD and NAT Rules
7.4.1. DMZs and iptables
7.5. Viruses and Spoofed IP Addresses
7.6. iptables and Connection Tracking
7.7. ip6tables
7.8. Additional Resources
7.8.1. Installed Documentation
7.8.2. Useful Websites
7.8.3. Related Documentation