Chapter 25 System Security Administration

Table of Contents

25.1 About System Security
25.2 Configuring and Using SELinux
25.2.1 About SELinux Administration
25.2.2 About SELinux Modes
25.2.3 Setting SELinux Modes
25.2.4 About SELinux Policies
25.2.5 About SELinux Context
25.2.6 About SELinux Users
25.2.7 Troubleshooting Access-Denial Messages
25.3 About Packet-filtering Firewalls
25.3.1 Controlling the Firewall Service
25.3.2 Listing Firewall Rules
25.3.3 Inserting and Replacing Rules in a Chain
25.3.4 Deleting Rules in a Chain
25.3.5 Saving Rules
25.4 About TCP Wrappers
25.5 About chroot Jails
25.5.1 Running DNS and FTP Services in a Chroot Jail
25.5.2 Creating a Chroot Jail
25.5.3 Using a Chroot Jail
25.6 About Auditing
25.7 About System Logging
25.7.1 Configuring Logwatch
25.8 About Process Accounting
25.9 Security Guidelines
25.9.1 Minimizing the Software Footprint
25.9.2 Configuring System Logging
25.9.3 Disabling Core Dumps
25.9.4 Minimizing Active Services
25.9.5 Locking Down Network Services
25.9.6 Configuring a Packet-filtering Firewall
25.9.7 Configuring TCP Wrappers
25.9.8 Configuring Kernel Parameters
25.9.9 Restricting Access to SSH Connections
25.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
25.9.11 Checking User Accounts and Privileges

This chapter describes the subsystems that you can use to administer system security, including SELinux, the Netfilter firewall, TCP Wrappers, chroot jails, auditing, system logging, and process accounting.