How to change the security level of a RedHat Linux or Fedora Core Linux system
During installation of your system you will likely have
been asked about the firewall settings you want to use. The
installation process defaults to the most secure configuration for your
firewall on the very sensible assumption that it is better to have a
system that is too secure
than one that is not secure secure enough. A wise system administrator
will always start with everything locked down and then lift the
restrictions one by one as the need to do so becomes apparent.
Most users do what the installer recommends and take the most secure
firewall option only to later find that
the system is locked down so tightly that they can't get things like
ftp and samba to work. While on the subject of ftp most security
experts advice against the use of ftp for file transfer favoring
instead the more secure scp(Secure Copy) for copying files
between systems. Similarly ssh is now recommended instead of telnet for
remotely logging in to systems.
If your system is directly visible to the outside world then you will
want to be very careful in reducing the level of security provided by
the system's firewall. If your Linux system is on a system that is on
an isolated and trusted network or behind a well configured firewall
then you may not
need the highest level of security available. This is a judgement call
that you will make based on your specific environment.
If you are using RedHat 9 then you can run the following command to
change the firewall security level of your system:
lokkit allows you to change
the security level from a choice of High,
Medium and No Firewall. Navigation is achieved using the tab key to
move around and the space bar to select.
You can also customize the settings by selecting the "Customize"
button. This gives you a further level of control allowing you to
permit DHCP, SSH, Telnet, HTTP (for web servers), SMTP (for email) and
FTP (for file transfer). Another option provided gives you the ability
to specify which network
devices on the system are on a trusted network. You might, for example,
be connected to two networks via two network devices - one connected to
a trusted network and another interfacing to the outside world. In this
situation you can tell the firewall which network device to trust and
which one to treat with a healthy level of suspicion.
you are running Fedora Core with either an X server
running or access via a remote X server then you are fortunate to have
the choice of running either lokkit or a GUI based security level
administation tool which can be invoked as follows:
Both lokkit and require