Utilities such as logwatch provide easy
ways to have messages about potential problems forwarded to your administrative e-mail
account. Linux logging features are described later in this chapter.
Remember that monitoring your system does not mean that you simply turn on logging;
you must also carefully monitor those logs and react to what they tell you.
Use SELinux. SELinux is an extraordinarily rich (and complex) facility for managing the
access of nearly every aspect of a Linux system. It addresses the if-I-get-root-access-I-own-your-box
shortcomings of Linux and UNIX systems for highly secure environments.
Red Hat systems offer a useful, limited set of SELinux policies that are turned on by
default in Fedora. Other Linux distributions are working on and including SELinux
implementations as well. Figure 6-1 shows an example of the SELinux Administration
tool included with Fedora 8 (select Applications → System Tools → SELinux Management),
while Figure 6-2 shows the SELinux Troubleshooter (select Applications → System Tools →
SELinux Troubleshooter).
FIGURE 6-1
SELinux utilities are included with Fedora.
Running the Show Part II
FIGURE 6-2
The SELinux Troubleshooter will identify areas of concern.
Finding Distribution-Specific Security Resources
Most major Linux distributions have resources devoted to helping you secure Linux and keep up
with security information that is specific to that version of Linux.