Security; Additional Resources; Installed Documentation - Red Hat ENTERPRISE LINUX 3 - INTRODUCTION TO SYSTEM ADMINISTRATION Administration Manual

Introduction to system administration

the choice of an email client tends to be a personal one; therefore, the best approach is to try each
client for yourself, and use what works best for you.

1.10.3. Security

As stated earlier in this chapter, security cannot be an afterthought, and security under Red Hat Enterprise Linux is more than skin-deep. Authentication and access controls are deeply integrated into the operating system and are based on designs gleaned from long experience in the UNIX community.

For authentication, Red Hat Enterprise Linux uses PAM — Pluggable Authentication Modules. PAM makes it possible to fine-tune user authentication via the configuration of shared libraries that all PAM-aware applications use, all without requiring any changes to the applications themselves.

Access control under Red Hat Enterprise Linux uses traditional UNIX-style permissions (read, write, execute) against user, group, and "everyone else" classifications. Like UNIX, Red Hat Enterprise Linux also makes use of setuid and setgid bits to temporarily confer expanded access rights to processes running a particular program, based on the ownership of the program file. Of course, this makes it critical that any program to be run with setuid or setgid privileges be carefully audited to ensure that no exploitable vulnerabilities exist.

Red Hat Enterprise Linux also includes support for access control lists. An access control list (ACL) is a construct that allows extremely fine-grained control over what users or groups may access a file or directory. For example, a file's permissions may restrict all access by anyone other than the file's owner, yet the file's ACL can be configured to allow only user bob to write and group finance to read the file.

Another aspect of security is being able to keep track of system activity. Red Hat Enterprise Linux makes extensive use of logging, both at a kernel and an application level. Logging is controlled by the system logging daemon syslogd, which can log system information locally (normally to files in the /var/log/ directory) or to a remote system (which acts as a dedicated log server for multiple computers).

Intrusion detection systems (IDS) are powerful tools for any Red Hat Enterprise Linux system administrator. An IDS makes it possible for system administrators to determine whether unauthorized changes were made to one or more systems. The overall design of the operating system itself includes IDS-like functionality.

Because Red Hat Enterprise Linux is installed using the RPM Package Manager (RPM), it is possible to use RPM to verify whether any changes have been made to the packages comprising the operating system. However, because RPM is primarily a package management tool, its abilities as an IDS are somewhat limited. Even so, it can be a good first step toward monitoring a Red Hat Enterprise Linux system for unauthorized modifications.
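
The RPM verification described above can be turned into a quick triage step. The following is an added example, not part of the original manual: it parses the output of `rpm -Va` (verify all installed packages) and separates changes that need review from routine ones. The sample lines, the path `/usr/lib/libexample.so.1`, and the triage policy are assumptions made for illustration.

```python
import re

# Result letters printed by `rpm -V` (see rpm(8)); "." = passed, "?" = not checked.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}

# 8 result columns on older rpm releases, 9 on current ones, then an optional
# marker (c config, d doc, g ghost, l license, r readme), then the path.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")

# Assumed triage policy (not from the manual): these changes need a person to look.
SERIOUS = {"digest", "mode", "owner", "group", "capabilities", "missing"}

def parse(line):
    """Return {'path', 'kind', 'changed'} for one rpm -V line, or None."""
    m = LINE.match(line.rstrip())
    if m is None:
        return None
    flags = m["flags"]
    changed = ["missing"] if flags == "missing" else [FLAGS[c] for c in flags if c in FLAGS]
    return {"path": m["path"], "kind": m["kind"], "changed": changed}

def triage(lines):
    """Split verify output into (review, routine) lists of paths."""
    review, routine = [], []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not a verify result line
        serious = SERIOUS & set(rec["changed"])
        if rec["kind"] == "c":
            # Edited %config files are routine; mode/owner changes on them are not.
            serious.discard("digest")
        (review if serious else routine).append(rec["path"])
    return review, routine

# Constructed sample output, not captured from a real system.
SAMPLE = """\
S.5....T   /bin/ls
.M......   /usr/bin/passwd
.......T   /usr/lib/libexample.so.1
missing    /usr/sbin/logrotate
.M...U.. c /etc/shadow
S.5....T. c /etc/hosts
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The result is only as trustworthy as the rpm binary and RPM database on the host being checked, so treat a clean report as a first step rather than proof of integrity.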

1.11. Additional Resources

This section includes various resources that can be used to learn more about the philosophy of system
administration and the Red Hat Enterprise Linux-specific subject matter discussed in this chapter.

1.11.1. Installed Documentation

The following resources are installed in the course of a typical Red Hat Enterprise Linux installation
and can help you learn more about the subject matter discussed in this chapter.
crontab(1) and crontab(5) man pages — Command and file format documentation for using cron.

Chapter 1. The Philosophy of System Administration
