Securing Linux Servers
Opening up your Linux system as a server on a public network creates a whole new set of challenges
when it comes to security. Instead of just turning away nearly all incoming requests, your computer
will be expected to respond to requests for supported services (such as Web, FTP, or mail service)
by supplying information or possibly running scripts that take in data.
Entire books have been filled with information on how to go about securing your servers. Many
businesses that rely on Internet servers assign full-time administrators to watch over the security of
their servers. So, think of this section as an overview of some of the kinds of attacks to look out for
and some tools available to secure your Linux server.
Controlling Access to Services with TCP Wrappers
Completely disabling an unused service is fine, but what about the services that you really need?
How can you selectively grant and deny access to these services? For Linux systems that incorporate
TCP wrapper support, the /etc/hosts.allow and /etc/hosts.deny files determine when
a particular connection should be granted or refused for services such as rlogin, rsh, telnet, finger,
and talk.
Most Linux systems that implement TCP wrappers do so for a set of services that are monitored by
a single listening process called the Internet super server.
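
The decision these two files drive, shown as an added example that is not from the original text: a simplified Python model of the lookup order documented in hosts_access(5). The hosts.allow file is checked first, hosts.deny second, and a connection that matches neither is granted. The rule contents, daemon names (in.telnetd, in.rlogind, in.fingerd), host names, and addresses are constructed for illustration.

```python
# Simplified model of the TCP wrappers access decision (see hosts_access(5)).
# Supported client patterns: ALL, ".domain" suffix, "a.b.c." address prefix,
# and exact match. EXCEPT, netmasks, and shell-command options are left out.

# Constructed sample rule files (not taken from any real host).
HOSTS_ALLOW = """
in.telnetd, in.rlogind: 192.168.1.
in.fingerd: .example.com
"""
HOSTS_DENY = """
ALL: ALL
"""

def parse(text):
    """Return a list of (daemons, clients) tuples from rule-file text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # domain suffix, e.g. .example.com
        return host.endswith(pattern)
    if pattern.endswith("."):            # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern in (host, addr)

def rule_hit(rules, daemon, host, addr):
    return any((daemon in d or "ALL" in d) and
               any(client_matches(p, host, addr) for p in c)
               for d, c in rules)

def decide(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hit(parse(allow), daemon, host, addr):
        return "allow"
    if rule_hit(parse(deny), daemon, host, addr):
        return "deny"
    return "allow"
```

With an empty hosts.deny, the same outside client that was refused above is granted telnet access, which is why a catch-all deny rule is the usual baseline.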