
Chapter 6. Securing Linux (page 213)

It is important to note that once you have this working, it will work regardless of how many times the IP address changes on your local computer. The IP address has nothing to do with this form of authentication.

Securing Linux Servers

Opening up your Linux system as a server on a public network creates a whole new set of challenges when it comes to security. Instead of just turning away nearly all incoming requests, your computer will be expected to respond to requests for supported services (such as Web, FTP, or mail service) by supplying information or possibly running scripts that take in data.

Entire books have been filled with information on how to go about securing your servers. Many businesses that rely on Internet servers assign full-time administrators to watch over the security of their servers. So, think of this section as an overview of some of the kinds of attacks to look out for and some tools available to secure your Linux server.

Controlling Access to Services with TCP Wrappers

Completely disabling an unused service is fine, but what about the services that you really need? How can you selectively grant and deny access to these services? For Linux systems that incorporate TCP wrapper support, the /etc/hosts.allow and /etc/hosts.deny files determine when a particular connection should be granted or refused for services such as rlogin, rsh, telnet, finger, and talk.

Most Linux systems that implement TCP wrappers do so for a set of services that are monitored by a single listening process called the Internet super server. For Red Hat systems, that server is the xinetd daemon, while in other systems (such as Debian) the inetd daemon is used. When a service that relies on TCP wrappers is requested from the server process, the hosts.allow and hosts.deny files are scanned and checked for an entry that matches the IP address of the connecting machine. These checks are made when connection attempts occur:

- If the address is listed in the hosts.allow file, the connection is allowed and hosts.deny is not checked.
- If the address is in hosts.deny, the connection is denied.
- If the address is in neither file, the connection is allowed.

Keep in mind that the order in which hosts are evaluated is important. For example, you cannot deny access to a host in the hosts.deny file that has already been given access in the hosts.allow file.
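The lookup order described above, modelled in Python as an added example (it is not from the original text, and it is a simplified model, not the TCP wrappers code itself). The daemon names, addresses and file contents are constructed, and only the ALL wildcard, exact addresses, trailing-dot prefixes and net/mask patterns are handled.

```python
import ipaddress

# Constructed sample files (not from the page); format is "daemon_list : client_list".
HOSTS_ALLOW = """
in.telnetd: 10.0.0.5
sshd: 192.168.1.0/255.255.255.0
"""
HOSTS_DENY = """
in.telnetd: 10.0.0.      # trailing dot = address prefix
"""

def parse(text):
    """Return [(daemons, clients)] for each rule line, ignoring comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                      # e.g. "10.0.0."
        return addr.startswith(pattern)
    if "/" in pattern:                             # net/mask form
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr                         # exact address

def listed(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in rules)

def decide(daemon, addr, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply the three checks in order; return (decision, reason)."""
    if listed(parse(allow_text), daemon, addr):
        return ("allow", "hosts.allow")            # hosts.deny is not checked
    if listed(parse(deny_text), daemon, addr):
        return ("deny", "hosts.deny")
    return ("allow", "default")                    # in neither file

if __name__ == "__main__":
    for addr in ("10.0.0.5", "10.0.0.9", "203.0.113.7"):
        print(addr, decide("in.telnetd", addr))
    # A catch-all deny entry closes the default-allow gap for unlisted hosts.
    print("203.0.113.7", decide("in.telnetd", "203.0.113.7", deny_text=HOSTS_DENY + "ALL: ALL\n"))
```

The last call shows the practical consequence of the third check: without a catch-all entry such as ALL: ALL in hosts.deny, any host missing from both files is let through.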