Available Network Services - Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual

Chapter 4. Workstation Security
%users          localhost=/sbin/shutdown -h now

This example states that any user can issue the command /sbin/shutdown -h now as long as it is
issued from the console.

The man page for sudoers has a detailed listing of options for this file.

4.5. Available Network Services

While user access to administrative controls is an important issue for system administrators within an
organization, keeping tabs on which network services are active is of paramount importance to anyone
who installs and operates a Linux system.
Many services under Red Hat Enterprise Linux behave as network servers. If a network service is
running on a machine, then a server application called a daemon is listening for connections on one
or more network ports. Each of these servers should be treated as a potential avenue of attack.
4.5.1. Risks To Services
Network services can pose many risks for Linux systems. Below is a list of some of the primary issues:
Buffer Overflow Attacks — Services that listen on ports numbered 0 through 1023 must start as root,
because only root can bind those ports; unless the daemon drops its privileges after binding, it
keeps running as root. If the application has an exploitable buffer overflow, an attacker can gain
access to the system as the user running the daemon, which in that case is root. Because exploitable
buffer overflows exist, crackers use automated tools to identify systems with vulnerable services,
and once they have gained access, they use automated rootkits to maintain that access.
Denial of Service Attacks (DoS) — By flooding a service with requests, a denial of service attack
can bring a system to a halt as it tries to log and answer each request.
Script Vulnerability Attacks — If a server uses scripts to execute server-side actions, as Web
servers commonly do, a cracker can mount an attack on improperly written scripts. Such attacks can
lead to a buffer overflow condition or allow the attacker to alter files on the system.
To limit exposure to attacks over the network, all unused services should be turned off.
4.5.2. Identifying and Configuring Services
To enhance security, most network services installed with Red Hat Enterprise Linux are turned off by
default. There are, however, some notable exceptions:
cupsd — The default print server for Red Hat Enterprise Linux.
lpd — An alternate print server.
portmap — A necessary component for the NFS, NIS, and other RPC protocols.
xinetd — A super server that controls connections to a host of subordinate servers, such as
vsftpd, telnet, and sgi-fam (which is necessary for the Nautilus file manager).
sendmail — The Sendmail mail transport agent is enabled by default, but only listens for connections
from the localhost.
sshd — The OpenSSH server, which is a secure replacement for Telnet.
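The audit this section calls for, as an added example that is not part of the Red Hat guide: a POSIX shell script that reads the output of netstat -tulpn (a constructed sample in the Linux 2.4-era format is embedded so it runs offline), separates listeners bound only to 127.0.0.1, such as sendmail above, from those reachable over the network, marks the privileged ports that root had to bind, and prints the chkconfig commands that would turn off every network-reachable daemon not in an assumed WANTED list. The WANTED list and the daemon-to-initscript mapping (cupsd to the cups initscript) are assumptions made for the example, not something the guide states.

```shell
#!/bin/sh
# Added example, not taken from the Red Hat guide: audit the listeners that
# "netstat -tulpn" reports and print the chkconfig commands that would turn
# off anything the host is not meant to offer.
# SAMPLE_NETSTAT is a CONSTRUCTED sample in the Linux 2.4-era netstat format;
# on a real system feed live output instead:  netstat -tulpn | exposed_listeners

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      701/sendmail: accep
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      450/portmap
tcp        0      0 0.0.0.0:631             0.0.0.0:*               LISTEN      580/cupsd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      640/xinetd
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      820/X
udp        0      0 0.0.0.0:111             0.0.0.0:*                           450/portmap
udp        0      0 0.0.0.0:631             0.0.0.0:*                           580/cupsd'

# Services this host is meant to offer (an assumption made for the example).
WANTED="sshd"

# Read netstat -tulpn output on stdin and print one line per listening
# socket:  proto port program scope privilege
#   scope     is "localhost" when bound to 127.0.0.1, otherwise "net"
#   privilege is "privileged" for ports below 1024 (root had to bind them)
exposed_listeners() {
    awk '
    $1 == "tcp" || $1 == "udp" {
        n = split($4, a, ":"); port = a[n]; addr = a[1]
        scope = (addr == "127.0.0.1") ? "localhost" : "net"
        prog = "?"
        # the PID/Program column is the first field that looks like 123/name
        for (i = 5; i <= NF; i++)
            if ($i ~ /^[0-9]+\//) { split($i, p, "/"); prog = p[2]; break }
        sub(/:$/, "", prog)                 # "sendmail:" -> "sendmail"
        priv = (port + 0 < 1024) ? "privileged" : "unprivileged"
        print $1, port, prog, scope, priv
    }'
}

# From the same netstat output, emit the chkconfig command that would
# disable each network-reachable program not listed in WANTED.  Commands
# are printed, not run, so the list can be reviewed before anything changes.
disable_commands() {
    exposed_listeners | awk -v wanted="$WANTED" '
    BEGIN {
        n = split(wanted, w, " "); for (i = 1; i <= n; i++) keep[w[i]] = 1
        # daemon name -> initscript name (assumed RHEL 3 layout; cupsd differs)
        svc["cupsd"] = "cups"; svc["portmap"] = "portmap"
        svc["sendmail"] = "sendmail"; svc["sshd"] = "sshd"; svc["lpd"] = "lpd"
    }
    $4 == "net" && !($3 in keep) && !seen[$3]++ {
        if ($3 == "xinetd")
            print "# xinetd on port " $2 ": disable the subordinate service in /etc/xinetd.d instead (e.g. chkconfig telnet off)"
        else if ($3 in svc)
            print "chkconfig " svc[$3] " off"
        else
            print "# " $3 " on port " $2 ": no known initscript, disable it at its source"
    }'
}

printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | disable_commands
```

Run it as root on a live system (netstat -p only fills in the PID/Program column for processes the caller owns, so as an ordinary user most entries show "-" and the script cannot name them). The xinetd entry is reported separately on purpose: turning off xinetd itself would also drop sgi-fam, which Nautilus needs, so the right move is to disable the individual subordinate service.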