Chapter 23 System Security Administration

Table of Contents

23.1 About System Security
23.2 Configuring and Using SELinux
23.2.1 About SELinux Administration
23.2.2 About SELinux Modes
23.2.3 Setting SELinux Modes
23.2.4 About SELinux Policies
23.2.5 About SELinux Context
23.2.6 About SELinux Users
23.2.7 Troubleshooting Access-Denial Messages
23.3 About Packet-filtering Firewalls
23.3.1 Controlling the Firewall Service
23.3.2 Listing Firewall Rules
23.3.3 Inserting and Replacing Rules in a Chain
23.3.4 Deleting Rules in a Chain
23.3.5 Saving Rules
23.4 About TCP Wrappers
23.5 About chroot Jails
23.5.1 Running DNS and FTP Services in a Chroot Jail
23.5.2 Creating a Chroot Jail
23.5.3 Using a Chroot Jail
23.6 About Auditing
23.7 About System Logging
23.7.1 Configuring Logwatch
23.8 About Process Accounting
23.9 Security Guidelines
23.9.1 Minimizing the Software Footprint
23.9.2 Configuring System Logging
23.9.3 Disabling Core Dumps
23.9.4 Minimizing Active Services
23.9.5 Locking Down Network Services
23.9.6 Configuring a Packet-filtering Firewall
23.9.7 Configuring TCP Wrappers
23.9.8 Configuring Kernel Parameters
23.9.9 Restricting Access to SSH Connections
23.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
23.9.11 Checking User Accounts and Privileges

This chapter describes the subsystems that you can use to administer system security, including SELinux, the Netfilter firewall, TCP Wrappers, chroot jails, auditing, system logging, and process accounting.