Daemons may also be started on an
as-needed basis by xinetd, a special daemon that listens on a large number of port numbers and then
launches the requested process.
Limit access to services. You can restrict access to a service you want to keep running by
allowing connections only from a particular host computer, domain, or network interface. For
example, a computer with interfaces to both the Internet and a local LAN might offer
a service such as NFS to computers on the LAN, but not offer that same service
to the Internet. Services may limit access in their own configuration files or by using
TCP/IP wrappers (described later in this chapter).
Check your system. Linux has tons of tools available for checking the security of your
system. After you install Linux, you can check access to its ports using nmap or watch
network traffic using Ethereal. You can also add popular security tools such as Nessus,
to get a more complete view of your system security. Security tools included on the CD
and DVD with this book are described in this chapter.
Monitor your system. You can log almost every type of activity on your Linux system.
System log files, using the syslogd and klogd facilities, can be configured to track as much
or as little of your system activity as you choose.
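The "Limit access to services" and "Check your system" items can be combined into one check: confirm that a service meant for the LAN, such as NFS, is not listening on every interface. The following is an added example, not code from the book. It assumes the input is the output of `ss -tln`, that the LAN is 192.168.1.0/24, and that ports 111 (portmapper) and 2049 (NFS) are the ones meant to be LAN-only; the sample listing is constructed.

```python
import ipaddress

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       64      192.168.1.10:2049   0.0.0.0:*
LISTEN  0       128     0.0.0.0:111         0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       128     203.0.113.5:80      0.0.0.0:*
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet


def split_local(field):
    """Split the 'addr:port' column, handling '[v6]:port' and '*:port'."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]"), int(port)


def exposure(addr, lan=LAN):
    """Classify who can reach a listener bound to addr."""
    if addr in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any %iface scope
    if ip.is_loopback:
        return "loopback"
    return "lan" if ip in lan else "other-interface"


def audit(ss_output, lan_only_ports=(111, 2049), lan=LAN):
    """Return (port, addr, exposure) for each LISTEN socket on a port that
    should be LAN-only but is bound somewhere wider than the LAN."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue  # skip the header and non-listening sockets
        addr, port = split_local(cols[3])
        where = exposure(addr, lan)
        if port in lan_only_ports and where not in ("lan", "loopback"):
            findings.append((port, addr, where))
    return findings


if __name__ == "__main__":
    for port, addr, where in audit(SAMPLE_SS):
        print(f"port {port} listens on {addr} ({where}); restrict it to the LAN")
```

On a live system, pass the real listing to audit() instead of SAMPLE_SS. A finding means the service should be bound to the LAN interface or filtered by its own configuration or TCP/IP wrappers.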