Chapter 24 System Security Administration

Table of Contents

24.1 About System Security
24.2 Configuring and Using SELinux
24.2.1 About SELinux Administration
24.2.2 About SELinux Modes
24.2.3 Setting SELinux Modes
24.2.4 About SELinux Policies
24.2.5 About SELinux Context
24.2.6 About SELinux Users
24.2.7 Troubleshooting Access-Denial Messages
24.3 About Packet-filtering Firewalls
24.3.1 Controlling the Firewall Service
24.3.2 Listing Firewall Rules
24.3.3 Inserting and Replacing Rules in a Chain
24.3.4 Deleting Rules in a Chain
24.3.5 Saving Rules
24.4 About TCP Wrappers
24.5 About chroot Jails
24.5.1 Running DNS and FTP Services in a Chroot Jail
24.5.2 Creating a Chroot Jail
24.5.3 Using a Chroot Jail
24.6 About Auditing
24.7 About System Logging
24.7.1 Configuring Logwatch
24.8 About Process Accounting
24.9 Security Guidelines
24.9.1 Minimizing the Software Footprint
24.9.2 Configuring System Logging
24.9.3 Disabling Core Dumps
24.9.4 Minimizing Active Services
24.9.5 Locking Down Network Services
24.9.6 Configuring a Packet-filtering Firewall
24.9.7 Configuring TCP Wrappers
24.9.8 Configuring Kernel Parameters
24.9.9 Restricting Access to SSH Connections
24.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
24.9.11 Checking User Accounts and Privileges

This chapter describes the subsystems that you can use to administer system security, including SELinux, the Netfilter firewall, TCP Wrappers, chroot jails, auditing, system logging, and process accounting.