Maintaining security on your Red Hat Linux system is extremely important. One
way to manage security on your system is to carefully manage access to
system services. Your system may need to provide open access to
particular services (for example, httpd if you are
running a Web server). However, if you do not need to provide a service,
you should turn it off — this will minimize your exposure to
possible bug exploits.
There are several different methods for managing access to system
services. You must decide which method you would like to use based on the
service, your system's configuration, and your level of Linux expertise.
The easiest way to deny access to a service is to simply turn it off.
Both the services managed by xinetd (which we will talk
about more later in this section) and the services in the
/etc/rc.d hierarchy can be configured to start or
stop using three different applications:
serviceconf — a graphical application
that displays a description of each service, displays whether each
service is started at boot time (for runlevels 3, 4, and 5), and
allows you to start, stop, and restart each service.
ntsysv — a text-based application that
allows you to configure which services are started at boot time for
each runlevel. Changes do not take effect immediately. Services
cannot be started, stopped, or restarted using this program.
chkconfig — a command-line utility that
allows you to turn services on and off for the different
runlevels. Changes do not take effect immediately for non-xinetd
services. Non-xinetd services cannot be started, stopped, or
restarted using this utility.
You may find that these tools are easier to use than the alternatives
— editing the numerous symbolic links located in the directories
below /etc/rc.d by hand or editing the
xinetd configuration files in
/etc/xinetd.d.
Another way to manage access to system services is by using
iptables to configure an IP firewall. If you are a new
Linux user, please realize that iptables may not be the
best solution for you. Setting up iptables can be
complicated and is best tackled by experienced UNIX/Linux system
administrators.
On the other hand, the benefit of using iptables is
flexibility. For example, if you need a customized solution which
provides certain hosts access to certain services,
iptables can provide it for you. See the
Official Red Hat Linux Reference Guide for more information about
iptables.
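The "certain hosts may reach certain services" case above, as an added example that is not part of the Red Hat manual. It generates a default-deny INPUT chain with one ACCEPT per host/port pair in a small allowlist. The variable IPTABLES, the allowlist contents (RFC 5737 test addresses) and the helper names are assumptions made for this example; with IPTABLES left at its default of "echo" the script only prints the rules it would run.

```shell
#!/bin/sh
# Added example; not from the Red Hat Linux manual. Builds the iptables rules for
# the "certain hosts may reach certain services" case: default-deny inbound,
# plus one ACCEPT per (source, port) pair in an allowlist.
# IPTABLES is a placeholder: "echo" previews the rules; set it to the real
# binary path (e.g. /sbin/iptables, as root) to apply them.
IPTABLES=${IPTABLES:-echo}

# Constructed sample allowlist, one "source port" pair per line.
ALLOWLIST='192.0.2.10 22
192.0.2.0/24 80'

# build_rules: print one iptables command per line; nothing is executed here.
build_rules() {
    # Loopback traffic and replies to connections this host opened stay allowed.
    echo "$IPTABLES -A INPUT -i lo -j ACCEPT"
    echo "$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per allowlisted source and TCP port.
    printf '%s\n' "$ALLOWLIST" | while read -r src port; do
        [ -n "$src" ] || continue
        echo "$IPTABLES -A INPUT -p tcp -s $src --dport $port -j ACCEPT"
    done
    # Policy goes last: the ACCEPT rules already exist when the chain flips to
    # DROP, so an administrator logged in over an allowlisted port is not cut off.
    echo "$IPTABLES -P INPUT DROP"
}

# apply_rules: run the generated commands (a harmless preview when IPTABLES=echo).
apply_rules() {
    build_rules | sh
}

# count_host_rules: number of per-host ACCEPT rules produced from the allowlist.
count_host_rules() {
    build_rules | grep -c -- ' -s '
}

apply_rules
```

Everything not matched by an explicit ACCEPT falls through to the DROP policy, which is the property that makes this a real restriction rather than a list of exceptions; review the generated lines with the default IPTABLES=echo before pointing the variable at the real binary.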
Alternatively, if you are looking for a utility which will set general
access rules for your home machine, and/or if you are new to Linux, you
should try the GNOME Lokkit utility.
GNOME Lokkit is a GUI utility which will ask
you questions about how you want to use your machine. Based on your
answers, it will then configure a simple firewall for you. Refer to
Chapter 7 for more information.
Before you can configure access to services, you must understand Linux
runlevels. A runlevel is a state, or mode, that
is defined by the services listed in the directory
/etc/rc.d/rc<x>.d,
where <x> is the number of the
runlevel.
Red Hat Linux uses the following runlevels:
0 — Halt
1 — Single-user mode
2 — Not used (user-definable)
3 — Full multi-user mode
4 — Not used (user-definable)
5 — Full multi-user mode (with an X-based login screen)
6 — Reboot
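The runlevel directories just described, and the "turn off what you do not need" advice earlier in this section, as an added example that is not part of the Red Hat manual. It reads the S* and K* symlinks in rc<x>.d to report what a runlevel starts and stops, and prints the chkconfig command that would switch a service off. RC_ROOT, the sample service names and the helper names are assumptions made for this example; RC_ROOT defaults to a constructed sample tree in a temporary directory so the script runs anywhere, and can be set to /etc/rc.d to inspect a real system.

```shell
#!/bin/sh
# Added example; not from the Red Hat Linux manual. Reports which services a
# runlevel starts (S* links) and stops (K* links) under $RC_ROOT/rc<x>.d, and
# prints the chkconfig command that would switch a service off.
# RC_ROOT is an assumption: it defaults to a constructed sample tree in a temp
# directory; set RC_ROOT=/etc/rc.d to look at a real system.

# make_sample_tree DIR: build a constructed rc.d layout (not copied from any host).
make_sample_tree() {
    dir=$1
    mkdir -p "$dir/init.d" "$dir/rc3.d" "$dir/rc5.d"
    for svc in network sshd httpd nfs; do
        : > "$dir/init.d/$svc"
    done
    # S links start a service on entering the runlevel, K links stop it;
    # the two digits give the order in which /etc/rc.d/rc processes them.
    ln -sf ../init.d/network "$dir/rc3.d/S10network"
    ln -sf ../init.d/sshd    "$dir/rc3.d/S55sshd"
    ln -sf ../init.d/nfs     "$dir/rc3.d/S60nfs"
    ln -sf ../init.d/httpd   "$dir/rc3.d/K15httpd"
    ln -sf ../init.d/network "$dir/rc5.d/S10network"
    ln -sf ../init.d/sshd    "$dir/rc5.d/S55sshd"
    ln -sf ../init.d/httpd   "$dir/rc5.d/K15httpd"
    ln -sf ../init.d/nfs     "$dir/rc5.d/K40nfs"
}

# links_in LEVEL PREFIX: service names behind the PREFIX (S or K) links of rc<LEVEL>.d
links_in() {
    for link in "$RC_ROOT/rc$1.d/$2"*; do
        [ -L "$link" ] || [ -e "$link" ] || continue
        name=${link##*/}              # e.g. S10network
        printf '%s\n' "${name#???}"   # strip the letter and the two order digits
    done
}

started_in() { links_in "$1" S; }
stopped_in() { links_in "$1" K; }

# disable_cmd SERVICE: chkconfig call that removes SERVICE from runlevels 3, 4 and 5.
# chkconfig rewrites the S/K links; it does not stop a daemon that is already running.
disable_cmd() {
    printf 'chkconfig --level 345 %s off\n' "$1"
}

RC_ROOT=${RC_ROOT:-$(mktemp -d)}
[ -d "$RC_ROOT/rc3.d" ] || make_sample_tree "$RC_ROOT"
for level in 3 5; do
    echo "runlevel $level starts: $(started_in "$level" | tr '\n' ' ')"
    echo "runlevel $level stops:  $(stopped_in "$level" | tr '\n' ' ')"
done
echo "to keep nfs out of every multi-user runlevel: $(disable_cmd nfs)"
```

Reading the S* links of the runlevel the machine actually boots into (3 or 5) is the quickest inventory of what is listening after a reboot; anything on that list that the machine does not need is a candidate for chkconfig ... off, followed by a service ... stop for the running instance.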
If you configured the X Window System during the Red Hat Linux installation
program, you had the option of choosing a graphical or text login
screen. If you chose a text login screen, you are operating in runlevel
3. If you chose a graphical login screen, you are operating in runlevel
5.
The default runlevel can be changed by modifying the
/etc/inittab file, which contains a line near the top
of the file similar to the following:
Change the number in this line to the desired runlevel. The change will
not take effect until you reboot the system.
To change the runlevel immediately, use the command
telinit followed by the runlevel number. You must be
root to use this command.
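The inittab edit described above, as an added example that is not part of the Red Hat manual. It reads the default runlevel from the initdefault line and rewrites it, refusing the two values that would make the machine halt or reboot on every boot. INITTAB and the helper names are assumptions made for this example; INITTAB defaults to a constructed sample file, whose initdefault line follows the standard inittab format rather than being a copy of the manual's, and can be set to /etc/inittab (as root) to edit the real file.

```shell
#!/bin/sh
# Added example; not from the Red Hat Linux manual. Reads and rewrites the
# "id:<n>:initdefault:" line that sets the default runlevel in an inittab file.
# INITTAB is an assumption: it defaults to a constructed sample in a temp file;
# set INITTAB=/etc/inittab (as root) to edit the real one.

# make_sample_inittab FILE: write a constructed, minimal inittab.
make_sample_inittab() {
    cat > "$1" <<'EOF'
# constructed sample inittab (not copied from any system)
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
EOF
}

# default_runlevel FILE: print the runlevel number from the initdefault line.
default_runlevel() {
    sed -n 's/^id:\([0-9]\):initdefault:.*/\1/p' "$1"
}

# set_default_runlevel FILE LEVEL: rewrite the initdefault line in place.
# Refuses 0 and 6: a default of 0 halts and 6 reboots as soon as init starts,
# leaving a machine that never comes up. The change applies at the next boot.
set_default_runlevel() {
    file=$1
    level=$2
    case $level in
        0|6) echo "refusing runlevel $level as the default (halt/reboot loop)" >&2; return 1 ;;
        [1-5]) ;;
        *) echo "invalid runlevel: $level" >&2; return 1 ;;
    esac
    tmp="$file.tmp.$$"
    sed "s/^id:[0-9]:initdefault:/id:$level:initdefault:/" "$file" > "$tmp" &&
        mv "$tmp" "$file"
}

INITTAB=${INITTAB:-$(mktemp)}
[ -s "$INITTAB" ] || make_sample_inittab "$INITTAB"
echo "default runlevel: $(default_runlevel "$INITTAB")"
set_default_runlevel "$INITTAB" 3
echo "after edit:       $(default_runlevel "$INITTAB")"
```

The edited file only changes what the next boot does; to move the running system to the new runlevel right away, run telinit with the same number as root, as the text above describes.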