Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions

  




 

How to change the security level of a RedHat Linux or Fedora Core Linux system


During installation of your system you will likely have been asked about the firewall settings you want to use. The installation process defaults to the most secure configuration for your firewall on the very sensible assumption that it is better to have a system that is too secure than one that is not secure secure enough. A wise system administrator will always start with everything locked down and then lift the restrictions one by one as the need to do so becomes apparent.

Most users do what the installer recommends and take the most secure firewall option only to later find that the system is locked down so tightly that they can't get things like ftp and samba to work. While on the subject of ftp most security experts advice against the use of ftp for file transfer favoring instead the more secure scp(Secure Copy)  for copying files between systems. Similarly ssh is now recommended instead of telnet for remotely logging in to systems.

If your system is directly visible to the outside world then you will want to be very careful in reducing the level of security provided by the system's firewall. If your Linux system is on a system that is on an isolated and trusted network or behind a well configured firewall then you may not need the highest level of security available. This is a judgement call that you will make based on your specific environment.

If you are using RedHat 9 then you can run the following command to change the firewall security level of your system:

    /usr/sbin/lokkit

lokkit allows you to change the security level from a choice of High, Medium and No Firewall. Navigation is achieved using the tab key to move around and the space bar to select.

You can also customize the settings by selecting the "Customize" button. This gives you a further level of control allowing you to permit DHCP, SSH, Telnet, HTTP (for web servers), SMTP (for email) and FTP (for file transfer). Another option provided gives you the ability to specify which network devices on the system are on a trusted network. You might, for example, be connected to two networks via two network devices - one connected to a trusted network and another interfacing to the outside world. In this situation you can tell the firewall which network device to trust and which one to treat with a healthy level of suspicion.

If you are running Fedora Core with either an X server running or access via a remote X server then you are fortunate to have the choice of running either lokkit or a GUI based security level administation tool which can be invoked as follows:

    /usr/sbin/system-config-securitylevel

Both lokkit and  require root privaledges.

 
 
  © Copyright 2005-2010 Linuxtopia. All Rights Reserved.