Problem solve Get help with specific problems with your technologies, process and projects.

Securing your Red Hat Linux network

James Turnbull gives pointers for securing a Linux network.

What steps should I take to secure a network of computers running Red Hat Linux Fedora Core 3?
I can provide some general recommendations for securing a network of Red Hat Linux systems. These are listed below:
  • Only install the packages and components you require for your hosts. Any host build should start from the Red Hat 'minimal' build and then add any required additional packages.
  • Update your hosts frequently and ensure any known vulnerabilities are addressed using patching, updates or workarounds.
  • Remove any unneeded users and groups. Also change the passwords of, and preferably lock, any user accounts which do not need to log in. Remember to chose strong passwords and change them on a regular basis.
  • Remove any unnecessary process, daemons or services. Red Hat comes with a number of services you probably don't need, for example, unless you need NFS you should disable it and any related services.
  • Firewall your hosts and your network. Install a firewall such as iptables to your host and secure it. Install a firewall between your hosts and any external networks. Ensure you firewall both incoming and outgoing traffic so as to only allow those services and daemons which you actually require to send and receive traffic on your host.
  • Secure incoming connections to your hosts. This includes tools such as ssh where you should, for example, disallow root logins. This also applies to securing services, such as mail, which you might want to allow through your firewalling. Limit access to these services to the resources, hosts and networks that require them.
  • Install network- and host-based Intrusion Detection Systems (HIDS) and/or integrity checking application such as Tripwire on hosts.
  • Look at hardening the base operating system and kernel of your hosts with additions such as Security Enhanced Linux or Openwall.
  • Log. Log some more. And then sort, correlate, alert and -- most importantly --review your logs and alerts.
  • Review Red Hat's security announcements and general Linux security lists for vulnerabilities or bugs relevant to your hosts. Awareness is the first step in prevention.

Dig Deeper on Linux servers

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.