General System Security
/usr/sbin/tcpd in.cfingerd /usr/sbin/tcpd /bin/ps -auwwx /usr/sbin/tcpd /bin/netstat -f inet
nowait nowait nowait nowait
# Authentication
#auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l -e -o
# End of inetd.conf
NOTE: Don’t forget to send your inetd process a SIGHUP signal (killall -HUP inetd) after making changes to your inetd.conf file. The services you enable on a selected host depend on the functions you want the host to provide. Functions could support the selected network service, other services hosted on this computer, or development and maintenance of the operating system and applications.
[root@deep /]# killall -HUP inetd
Step 4
One more security measure you can take to secure the “inetd.conf” file is to set it immutable,
using the chattr command.
• To set the file immutable, simply execute the following command:
[root@deep /]# chattr +i /etc/inetd.conf
This will prevent any changes (accidental or otherwise) to the “inetd.conf” file. A file with the immutable attribute “i” set cannot be modified, deleted or renamed; no link can be created to this file and no data can be written to it. The only person that can set or clear this attribute is the super-user root.
If you wish later to modify the inetd.conf file you will need to unset the immutable flag:
• To unset the immutable flag, simply execute the following command:
[root@deep /]# chattr -i /etc/inetd.conf
TCP_WRAPPERS
By default Red Hat Linux allows all service requests. Using TCP_WRAPPERS makes securing your servers against outside intrusion a lot simpler and less painful than you would expect. Deny all hosts by putting “ALL: ALL@ALL, PARANOID” in the “/etc/hosts.deny” file and explicitly list the trusted hosts that are allowed to connect to your machine in the “/etc/hosts.allow” file. This is the safest and the best configuration.
TCP_WRAPPERS is controlled from two files and the search stops at the first match.
/etc/hosts.allow
/etc/hosts.deny
• Access will be granted when a (daemon, client) pair matches an entry in the /etc/hosts.allow file.
• Otherwise, access will be denied when a (daemon, client) pair matches an entry in the /etc/hosts.deny file.
• Otherwise, access will be granted.
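The three-step decision order above, as an added Python example (not from the original text and not the tcpd source). It is a simplified matcher that handles only ALL, exact hosts, ".domain" suffixes and address prefixes; the daemon names, hosts and rules are constructed samples.

```python
# Added example: simplified model of the tcpd decision order, not the real libwrap matcher.
# Client patterns handled: ALL, exact name/address, ".domain" suffix, "192.168.1." prefix.
# The user part of user@host is ignored and PARANOID never matches in this model.

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) >= 2 and fields[0]:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, name, addr):
    host = pattern.rsplit("@", 1)[-1].lower()
    if host == "all":
        return True
    if host.startswith("."):               # domain suffix, e.g. .example.com
        return name.lower().endswith(host)
    if host.endswith("."):                 # address prefix, e.g. 192.168.1.
        return addr.startswith(host)
    return host in (name.lower(), addr)

def first_match(rules, daemon, name, addr):
    return any(("ALL" in daemons or daemon in daemons)
               and any(client_matches(c, name, addr) for c in clients)
               for daemons, clients in rules)

def decide(allow_text, deny_text, daemon, name, addr):
    """Apply the documented order: hosts.allow, then hosts.deny, then grant."""
    if first_match(parse_rules(allow_text), daemon, name, addr):
        return "granted by hosts.allow"
    if first_match(parse_rules(deny_text), daemon, name, addr):
        return "denied by hosts.deny"
    return "granted by default"

# Constructed sample rules and clients (documentation address ranges).
HOSTS_ALLOW = "sshd: 192.168.1. .example.com\nin.ftpd: 192.168.1.10\n"
DENY_EMPTY = "# stock file, no rules\n"
DENY_ALL = "ALL: ALL@ALL, PARANOID\n"

if __name__ == "__main__":
    for deny in (DENY_EMPTY, DENY_ALL):
        for daemon, name, addr in [("sshd", "ws1.example.com", "192.168.1.20"),
                                   ("sshd", "host.example.net", "203.0.113.7"),
                                   ("in.ftpd", "ws1.example.com", "192.168.1.20")]:
            print(repr(deny.strip()), daemon, addr, "->",
                  decide(HOSTS_ALLOW, deny, daemon, name, addr))
```

With an empty hosts.deny the unlisted client falls through to the third rule and is granted; with the deny-all line only the pairs listed in hosts.allow get through.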
Step 1
Edit the hosts.deny file (vi /etc/hosts.deny) and add the following lines:
Access is denied by default.
# Deny access to everyone.