Controlling Access To Services; Runlevels - Red Hat ENTERPRISE LINUX 3 System Administration Manual

Chapter 21. Controlling Access to Services

Maintaining security on your system is extremely important. One way to manage security on your system is to manage access to system services carefully. Your system may need to provide open access to particular services (for example, httpd if you are running a Web server). However, if you do not need to provide a service, you should turn it off to minimize your exposure to possible bug exploits.

There are several different methods for managing access to system services. Decide which method of management to use based on the service, your system's configuration, and your level of Linux expertise.

The easiest way to deny access to a service is to turn it off. Both the services managed by xinetd (discussed later in this section) and the services in the /etc/rc.d/init.d hierarchy (also known as SysV services) can be configured to start or stop using three different applications:

Services Configuration Tool — a graphical application that displays a description of each service, displays whether each service is started at boot time (for runlevels 3, 4, and 5), and allows services to be started, stopped, and restarted.

ntsysv — a text-based application that allows you to configure which services are started at boot time for each runlevel. Changes do not take effect immediately for non-xinetd services. Non-xinetd services cannot be started, stopped, or restarted using this program.

chkconfig — a command line utility that allows you to turn services on and off for the different runlevels. Changes do not take effect immediately for non-xinetd services. Non-xinetd services cannot be started, stopped, or restarted using this utility.

You may find that these tools are easier to use than the alternatives — editing the numerous symbolic links located in the directories below /etc/rc.d by hand or editing the xinetd configuration files in /etc/xinetd.d.

Another way to manage access to system services is by using iptables to configure an IP firewall. If you are a new Linux user, please realize that iptables may not be the best solution for you. Setting up iptables can be complicated and is best tackled by experienced Linux system administrators.

On the other hand, the benefit of using iptables is flexibility. For example, if you need a customized solution which provides certain hosts access to certain services, iptables can provide it for you. Refer to the Red Hat Enterprise Linux Reference Guide and the Red Hat Enterprise Linux Security Guide for more information about iptables.

Alternatively, if you are looking for a utility to set general access rules for your home machine, and/or if you are new to Linux, try the Security Level Configuration Tool (redhat-config-securitylevel), which allows you to select the security level for your system, similar to the Firewall Configuration screen in the installation program.

Refer to Chapter 20 Basic Firewall Configuration for more information. If you need more specific firewall rules, refer to the iptables chapter in the Red Hat Enterprise Linux Reference Guide.

21.1. Runlevels

Before you can configure access to services, you must understand Linux runlevels. A runlevel is a state, or mode, that is defined by the services listed in the directory /etc/rc.d/rc<x>.d, where <x> is the number of the runlevel.

The following runlevels exist:
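The layout described in this chapter (start links under /etc/rc.d/rc<x>.d and per-service files under /etc/xinetd.d) can be read directly to check that only intended services are turned on. The script below is an added example, not part of the Red Hat manual: the function names, the allowlist and the sample tree are constructed for illustration. It assumes that xinetd is itself started by a SysV link named xinetd and that an xinetd service counts as on unless its file says "disable = yes".

```shell
#!/bin/sh
# Added example: flag services enabled in a runlevel that are not on an allowlist.
# ROOT is a directory prefix, so the audit can run on a copied or constructed tree.

# SysV: a service starts in runlevel N if /etc/rc.d/rcN.d holds an S<nn><name> link.
sysv_enabled() {  # usage: sysv_enabled ROOT RUNLEVEL
    for link in "$1/etc/rc.d/rc$2.d"/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        basename "$link" | sed 's/^S[0-9][0-9]//'
    done
}

# xinetd: a service is on unless its file in /etc/xinetd.d says "disable = yes".
xinetd_enabled() {  # usage: xinetd_enabled ROOT
    for f in "$1/etc/xinetd.d"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in *.*|*~) continue ;; esac  # xinetd skips such file names
        grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f" && continue
        echo "xinetd:${f##*/}"
    done
}

# Print each enabled service missing from the space-separated ALLOW list.
unexpected_services() {  # usage: unexpected_services ROOT RUNLEVEL "ALLOW"
    enabled=$(sysv_enabled "$1" "$2")
    # xinetd-managed services are reachable only if xinetd itself is started
    if echo "$enabled" | grep -qx xinetd; then
        enabled="$enabled $(xinetd_enabled "$1")"
    fi
    for svc in $enabled; do
        case " $3 " in *" $svc "*) ;; *) echo "$svc" ;; esac
    done
}

# Constructed sample tree (not taken from a real host) so the script runs offline.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/rc.d/rc3.d" "$root/etc/xinetd.d"
    for l in S13portmap S55sshd S56xinetd K15httpd; do
        ln -s "../init.d/${l#???}" "$root/etc/rc.d/rc3.d/$l"
    done
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$root/etc/xinetd.d/telnet"
    printf 'service rsync\n{\n\tdisable = yes\n}\n' > "$root/etc/xinetd.d/rsync"
    echo "$root"
}

sample=$(make_sample_tree)
unexpected_services "$sample" 3 "sshd xinetd"   # allowlist is a hypothetical policy
rm -rf "$sample"
```

To audit a live system, pass an empty string as ROOT; anything the script prints is a candidate for turning off with chkconfig or the other tools named above.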
