Chapter 18. Controlling Access to Services
httpd if you are running a Web server). However, if you do not need to provide a service, you should turn it off to minimize your exposure to possible bug exploits.
xinetd and the services in the /etc/rc.d/init.d hierarchy (also known as SysV services) can be configured to start or stop using three different applications:
- Services Configuration Tool
- This is a graphical application that displays a description of each service, displays whether each service is started at boot time (for runlevels 3, 4, and 5), and allows services to be started, stopped, and restarted.
- This is a text-based application that allows you to configure which services are started at boot time for each runlevel. Non-xinetd services cannot be started, stopped, or restarted using this program.
- This is a command line utility that allows you to turn services on and off for the different runlevels. Non-xinetd services cannot be started, stopped, or restarted using this utility.
/etc/rc.d by hand or editing the xinetd configuration files in
iptables to configure an IP firewall. If you are a new Linux user, note that iptables may not be the best solution for you. Setting up iptables can be complicated, and is best tackled by experienced Linux system administrators.
iptables is flexibility. For example, if you need a customized solution which provides certain hosts access to certain services, iptables can provide it for you. Refer to Section 48.8.1, “Netfilter and IPTables” and Section 48.8.3, “Using IPTables” for more information about
system-config-securitylevel), which allows you to select the security level for your system, similar to the Firewall Configuration screen in the installation program.
/etc/rc.d/rc<x>.d, where <x> is the number of the runlevel.
- 0 — Halt
- 1 — Single-user mode
- 2 — Not used (user-definable)
- 3 — Full multi-user mode
- 4 — Not used (user-definable)
- 5 — Full multi-user mode (with an X-based login screen)
- 6 — Reboot
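
As an added example (not part of the original documentation), the script below audits which SysV services start in a given runlevel by reading /etc/rc.d/rc<x>.d and reports any that are not on an allowlist, so unneeded services can be found and turned off. It assumes the usual SysV link naming (S<NN><service> to start, K<NN><service> to stop); the function names, the allowlist file and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the SysV convention that rc<x>.d holds start links
# named S<NN><service> and stop links named K<NN><service>.

# list_started RUNLEVEL [RCDIR]: print services started in RUNLEVEL, sorted.
list_started() {
    dir="${2:-/etc/rc.d}/rc$1.d"
    [ -d "$dir" ] || { echo "no runlevel directory: $dir" >&2; return 1; }
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the literal pattern when nothing matched; keep dangling links.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}
        printf '%s\n' "${name#S[0-9][0-9]}"
    done | sort
}

# unexpected_services RUNLEVEL ALLOWLIST [RCDIR]: print started services
# that are not listed (one exact name per line) in the ALLOWLIST file.
unexpected_services() {
    [ -r "$2" ] || { echo "cannot read allowlist: $2" >&2; return 1; }
    started=$(list_started "$1" "${3:-/etc/rc.d}") || return 1
    [ -n "$started" ] || return 0
    printf '%s\n' "$started" | grep -v -x -F -f "$2" || true
}

# make_sample_tree: build a constructed rc.d tree in a temp dir, print its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/init.d" "$root/rc3.d"
    for entry in S10network S55sshd S56xinetd S85httpd K15cups; do
        svc=${entry#[SK][0-9][0-9]}
        : > "$root/init.d/$svc"
        ln -s "../init.d/$svc" "$root/rc3.d/$entry"
    done
    printf '%s\n' "$root"
}

# Demo: only network and sshd are expected in runlevel 3 of the sample tree.
tree=$(make_sample_tree)
printf 'network\nsshd\n' > "$tree/allow"
unexpected_services 3 "$tree/allow" "$tree"   # prints httpd, then xinetd
rm -rf "$tree"
```

On a real system, call unexpected_services with the runlevel and an allowlist file only, so that it reads /etc/rc.d directly.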
/etc/inittab file, which contains a line near the top of the file similar to the following: