Server Security; Securing Services With Tcp Wrappers And Xinetd; Enhancing Security With Tcp Wrappers - Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual

Chapter 5.

Server Security

When a system is used as a server on a public network, it becomes a target for attacks. For this
reason, hardening the system and locking down services is of paramount importance for the system
administrator.
Before delving into specific issues, review the following general tips for enhancing server security:
• Keep all services current, to protect against the latest threats.
• Use secure protocols whenever possible.
• Serve only one type of network service per machine whenever possible.
• Monitor all servers carefully for suspicious activity.

5.1. Securing Services With TCP Wrappers and xinetd

TCP wrappers provide access control to a variety of services. Most modern network services, such as
SSH, Telnet, and FTP, make use of TCP wrappers, which stand guard between an incoming request
and the requested service.
The benefits offered by TCP wrappers are enhanced when used in conjunction with xinetd, a super
service that provides additional access, logging, binding, redirection, and resource utilization control.
Note
It is a good idea to use IPTables firewall rules in conjunction with TCP wrappers and
xinetd to create redundancy within service access controls. Refer to Chapter 7, Firewalls
for more information about implementing firewalls with IPTables commands.
More information on configuring TCP wrappers and xinetd can be found in the chapter titled TCP
Wrappers and xinetd in the Reference Guide.
The following subsections assume a basic knowledge of each topic and focus on specific security
options.

5.1.1. Enhancing Security With TCP Wrappers

TCP wrappers are capable of much more than denying access to services. This section illustrates
how they can be used to send connection banners, warn of attacks from particular hosts, and enhance
logging functionality. For a thorough list of TCP wrapper functionality and control language, refer to the
hosts_options man page.

5.1.1.1. TCP Wrappers and Connection Banners

Sending a client an intimidating banner when they connect to a service is a good way to disguise
what system the server is running while letting a potential attacker know that the system administrator is
vigilant. To implement a TCP wrappers banner for a service, use the banner option.
This example implements a banner for vsftpd. To begin, create a banner file. It can be anywhere
on the system, but it must bear the same name as the daemon. For this example, the file is called
/etc/banners/vsftpd.
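The naming requirement above is easy to get wrong, so the following added example (not part of the Red Hat guide) audits a hosts.allow-style file and reports every rule whose banner directory lacks a readable file named after the daemon. It assumes the option is written as `banners <directory>`, as documented in the hosts_options man page; the function name `check_banners` is hypothetical.

```shell
#!/bin/sh
# Added example: audit "banners <dir>" options in a hosts.allow-style file and
# confirm that each daemon named in the rule has a readable banner file of the
# same name inside <dir>.
# Assumptions of this sketch: backslash line continuations are not joined, and
# the ALL wildcard in a daemon list is skipped because it cannot be enumerated.

check_banners() {
    rules_file=$1
    missing=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop comments, then skip lines that are empty or whitespace only.
        line=${line%%#*}
        [ -n "$(printf '%s' "$line" | tr -d '[:space:]')" ] || continue

        # Field 1 is the daemon list; the banners option sits in a later field.
        daemons=$(printf '%s' "$line" | cut -d: -f1 | tr ',' ' ')
        dir=$(printf '%s\n' "$line" |
              sed -n 's/^[^:]*:.*:[[:space:]]*banners[[:space:]]\{1,\}\([^[:space:]:]\{1,\}\).*/\1/p')
        [ -n "$dir" ] || continue

        for d in $daemons; do
            d=${d%%@*}                    # daemon@host form: keep the daemon name
            [ "$d" = "ALL" ] && continue
            if [ ! -r "${dir%/}/$d" ]; then
                echo "MISSING: rule for '$d' expects banner file ${dir%/}/$d"
                missing=$((missing + 1))
            fi
        done
    done < "$rules_file"
    [ "$missing" -eq 0 ]                  # exit status 0 only when nothing is missing
}

# Run against a file given on the command line, e.g. /etc/hosts.allow.
if [ "$#" -gt 0 ]; then
    check_banners "$1"
fi
```

A non-zero exit status means at least one rule points at a directory with no matching banner file for that daemon.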