
Red Hat Enterprise Linux 4

Security Guide

For Red Hat Enterprise Linux 4

Edition 2


Legal Notice

Copyright © 2008 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
All other trademarks are the property of their respective owners.


1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588, Research Triangle Park, NC 27709 USA


Introduction
1. Document Conventions
1.1. Typographic Conventions
1.2. Pull-quote Conventions
1.3. Notes and Warnings
2. More to Come
2.1. Send in Your Feedback
I. A General Introduction to Security
1. Security Overview
1.1. What is Computer Security?
1.1.1. How did Computer Security Come about?
1.1.2. Computer Security Timeline
1.1.3. Security Today
1.1.4. Standardizing Security
1.2. Security Controls
1.2.1. Physical Controls
1.2.2. Technical Controls
1.2.3. Administrative Controls
1.3. Conclusion
2. Attackers and Vulnerabilities
2.1. A Quick History of Hackers
2.1.1. Shades of Grey
2.2. Threats to Network Security
2.2.1. Insecure Architectures
2.3. Threats to Server Security
2.3.1. Unused Services and Open Ports
2.3.2. Unpatched Services
2.3.3. Inattentive Administration
2.3.4. Inherently Insecure Services
2.4. Threats to Workstation and Home PC Security
2.4.1. Bad Passwords
2.4.2. Vulnerable Client Applications
II. Configuring Red Hat Enterprise Linux for Security
3. Security Updates
3.1. Updating Packages
3.1.1. Using Red Hat Network
3.1.2. Using the Red Hat Errata Website
3.1.3. Verifying Signed Packages
3.1.4. Installing Signed Packages
3.1.5. Applying the Changes
4. Workstation Security
4.1. Evaluating Workstation Security
4.2. BIOS and Boot Loader Security
4.2.1. BIOS Passwords
4.2.2. Boot Loader Passwords
4.3. Password Security
4.3.1. Creating Strong Passwords
4.3.2. Creating User Passwords Within an Organization
4.4. Administrative Controls
4.4.1. Allowing Root Access
4.4.2. Disallowing Root Access
4.4.3. Limiting Root Access
4.5. Available Network Services
4.5.1. Risks To Services
4.5.2. Identifying and Configuring Services
4.5.3. Insecure Services
4.6. Personal Firewalls
4.7. Security Enhanced Communication Tools
5. Server Security
5.1. Securing Services With TCP Wrappers and xinetd
5.1.1. Enhancing Security With TCP Wrappers
5.1.2. Enhancing Security With xinetd
5.2. Securing Portmap
5.2.1. Protect portmap With TCP Wrappers
5.2.2. Protect portmap With IPTables
5.3. Securing NIS
5.3.1. Carefully Plan the Network
5.3.2. Use a Password-like NIS Domain Name and Hostname
5.3.3. Edit the /var/yp/securenets File
5.3.4. Assign Static Ports and Use IPTables Rules
5.3.5. Use Kerberos Authentication
5.4. Securing NFS
5.4.1. Carefully Plan the Network
5.4.2. Beware of Syntax Errors
5.4.3. Do Not Use the no_root_squash Option
5.5. Securing the Apache HTTP Server
5.5.1. FollowSymLinks
5.5.2. The Indexes Directive
5.5.3. The UserDir Directive
5.5.4. Do Not Remove the IncludesNoExec Directive
5.5.5. Restrict Permissions for Executable Directories
5.6. Securing FTP
5.6.1. FTP Greeting Banner
5.6.2. Anonymous Access
5.6.3. User Accounts
5.6.4. Use TCP Wrappers To Control Access
5.7. Securing Sendmail
5.7.1. Limiting a Denial of Service Attack
5.7.2. NFS and Sendmail
5.7.3. Mail-only Users
5.8. Verifying Which Ports Are Listening
6. Virtual Private Networks
6.1. VPNs and Red Hat Enterprise Linux
6.2. IPsec
6.3. IPsec Installation
6.4. IPsec Host-to-Host Configuration
6.5. IPsec Network-to-Network configuration
7. Firewalls
7.1. Netfilter and iptables
7.1.1. iptables Overview
7.2. Using iptables
7.2.1. Basic Firewall Policies
7.2.2. Saving and Restoring iptables Rules
7.3. Common iptables Filtering
7.4. FORWARD and NAT Rules
7.4.1. DMZs and iptables
7.5. Viruses and Spoofed IP Addresses
7.6. iptables and Connection Tracking
7.7. ip6tables
7.8. Additional Resources
7.8.1. Installed Documentation
7.8.2. Useful Websites
7.8.3. Related Documentation
III. Assessing Your Security
8. Vulnerability Assessment
8.1. Thinking Like the Enemy
8.2. Defining Assessment and Testing
8.2.1. Establishing a Methodology
8.3. Evaluating the Tools
8.3.1. Scanning Hosts with Nmap
8.3.2. Nessus
8.3.3. Nikto
8.3.4. VLAD the Scanner
8.3.5. Anticipating Your Future Needs
IV. Intrusions and Incident Response
9. Intrusion Detection
9.1. Defining Intrusion Detection Systems
9.1.1. IDS Types
9.2. Host-based IDS
9.2.1. Tripwire
9.2.2. RPM as an IDS
9.2.3. Other Host-based IDSes
9.3. Network-based IDS
9.3.1. Snort
10. Incident Response
10.1. Defining Incident Response
10.2. Creating an Incident Response Plan
10.2.1. The Computer Emergency Response Team (CERT)
10.2.2. Legal Considerations
10.3. Implementing the Incident Response Plan
10.4. Investigating the Incident
10.4.1. Collecting an Evidential Image
10.4.2. Gathering Post-Breach Information
10.5. Restoring and Recovering Resources
10.5.1. Reinstalling the System
10.5.2. Patching the System
10.6. Reporting the Incident
V. Appendixes
A. Hardware and Network Protection
A.1. Secure Network Topologies
A.1.1. Physical Topologies
A.1.2. Transmission Considerations
A.1.3. Wireless Networks
A.1.4. Network Segmentation and DMZs
A.2. Hardware Security
B. Common Exploits and Attacks
C. Common Ports
D. Revision History
Index