Web hosting domains - Chapter 6 . Securing Linux 227 listen on
Chapter 6 . Securing Linux 227 listen on port 873 for TCP and UDP protocols. You can see that the service is off by default (disable = yes). To enable the rsync services, change the line to read disable = no instead. Thus, the disable line from the preceding example would look like this: disable = no The rsync service is a nice one to turn on if your machine is an FTP server. It allows people to use an rsync client (which includes a checksum-search algorithm) to download files from your server. With that feature, users can restart a disrupted download without having to start from the beginning. Because most services are disabled by default, your computer is only as insecure as you make it. You can double-check that insecure services, such as rlogin and rsh (which are included in the rsh-server package in Fedora and RHEL systems), are also disabled by making sure that disabled = yes is set in the /etc/xinetd .d/rlogin and rsh files. You can make the remote login service active but disable the use of the /etc/host.equiv and .rhosts files, requiring rlogin to always prompt for a password. Rather than disabling the service, locate the server line in the rsh file (server = /usr/sbin/in.rshd) and add a space followed by -L at the end. You now need to send a signal to the xinetd process to tell it to reload its configuration file. The quickest way to do that in Fedora and RHEL systems is to reload the xinetd service. As the root user, type the following from a shell: # service xinetd reload Reloading configuration: [ OK ] You can also tell the xinetd process directly to reread the configuration file by sending it a SIGHUP signal. That works if you are using the inetd daemon instead (on systems such as Debian or Slackware) to reread the /etc/inetd.conf file. For example, type this (as root user) to have the inetd daemon reread the configuration file: # killall -s SIGHUP inetd That s it you have enabled the rsync service. Provided that you have properly configured your FTP server, clients should now be able to download files from your computer via the rsync protocol. Securing Servers with SELinux Red Hat, Inc. did a clever thing when it took its first swipe at implementing SELinux in Red Hat systems. Instead of creating policies to control every aspect of your Linux system, they created a targeted policy type that focused on securing those services that are most vulnerable to attacks. They then set about securing those services in such a way that, if they were compromised, a cracker couldn t compromise the rest of the system as well. Tip Tip
You want to have a cheap webhost for your apache application, then check apache web hosting services.