
How to secure your RHEL5 server on a System p

Red Hat Enterprise Linux 5 is the first OS to ship with native support for the functionality necessary to meet the Common Criteria for Trusted Operating Systems. Using the many tools available right out of the box should put you in a good position to secure your system.


Note: This is the second part in a two-part series. The first part can be seen here.

 

The first half of this article introduced Red Hat’s implementation of Linux, RHEL5, including features such as xinetd, TCP wrappers and port scanning. Now we’ll turn our attention to other aspects of RHEL5.

Netfilter/iptables

As a Linux administrator, you should also be aware of the firewall tools that help protect your systems. The RHEL kernel includes a powerful packet-filtering framework called Netfilter. It provides stateful or stateless packet filtering as well as Network Address Translation (NAT). Netfilter is configured through the iptables interface.

In this example, we start the iptables service:

[root@172_29_138_30 ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
[root@172_29_138_30 ~]#
[root@172_29_138_30 ~]# pwd

If you want the firewall to come back up after a reboot, you’ll need to run this command:

# chkconfig --level 345 iptables on

It’s extremely important that you keep up to date with all security patches and enhancements. Be a regular visitor to the Red Hat Security Errata site, which is managed by the Red Hat Security Response Team.

I also recommend that you conduct routine audits of your user accounts to make sure no one has set up any back doors to your system. Does any account besides root have a user ID (UID) of 0? If so, that account really is root, even if its name is Joe Shmoe. Make sure passwords age frequently, and set up strong authentication policies. Delete accounts that haven’t been used for more than 60 days.

Research the security holes in the third-party applications that you use, such as Apache and Sendmail. NFS also has a number of holes. Run showmount every so often to make sure you’re not exporting any filesystems that you might not be aware of.
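The UID 0 and password-aging checks from the account audit above can be scripted. The following is an added example, not part of the original article; the function names, the 90-day limit and the sample passwd/shadow entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): account checks on passwd/shadow files.

# Print every account other than root whose UID (field 3) is 0.
# Comment lines and NIS compat entries (leading + or -) are ignored.
uid0_accounts() {
    awk -F: '$0 !~ /^[#+-]/ && NF >= 3 && $3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print accounts that can log in with a password but have no effective
# maximum password age: shadow field 5 is empty or above the limit in days
# (second argument, default 90; an assumed policy value).
weak_aging_accounts() {
    awk -F: -v max="${2:-90}" '
        $0 ~ /^[#+-]/ || NF < 5 { next }
        $2 ~ /^[!*]/ { next }                    # locked or no-login account
        $5 == "" || $5 + 0 > max + 0 { print $1 }
    ' "$1"
}

# Constructed sample data so the script runs offline. On a real host, pass
# /etc/passwd and (as root) /etc/shadow to the functions instead.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
joe:x:0:0:Joe Shmoe:/home/joe:/bin/bash
ken:x:500:500::/home/ken:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constructed$hash:14000:0:60:7:::
bin:*:14000:0:99999:7:::
joe:$1$constructed$hash:14000:0:99999:7:::
ken:$1$constructed$hash:14000:0::7:::
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
echo "Extra UID 0 accounts: $(uid0_accounts "$tmp/passwd" | tr '\n' ' ')"
echo "No password aging within 90 days: $(weak_aging_accounts "$tmp/shadow" 90 | tr '\n' ' ')"
rm -rf "$tmp"
```

Any name printed by the first check has full root privileges regardless of what it is called; names printed by the second keep the same password indefinitely or for longer than the chosen limit.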

 

 

Ken Milberg, CATE, PMP, is a diverse IT Professional with 20+ years of experience. Ken is a technology writer and site expert for techtarget and has also been a frequent contributor of content for IBM developerWorks. Ken has also been a freelance writer for IBM Systems Magazine and is a former technical editor. He can be reached at kmilberg@powertco.com.

