Fedora 11


A Guide to Securing Fedora Linux

Edition 1.0


Johnray Fuller

Red Hat

John Ha

Red Hat

David O'Brien

Red Hat

Scott Radvan

Red Hat

Eric Christensen

Fedora Project Documentation Team

Legal Notice

Copyright © 2008 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0, (the latest version is presently available at
Fedora and the Fedora Infinity Design logo are trademarks or registered trademarks of Red Hat, Inc., in the U.S. and other countries.
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat Inc. in the United States and other countries.
All other trademarks and copyrights referred to are the property of their respective owners.
Documentation, as with software itself, may be subject to export control. Read about Fedora Project export controls at
The Linux Security Guide is designed to assist users of Linux in learning the processes and practices of securing workstations and servers against local and remote intrusion, exploitation, and malicious activity. The Linux Security Guide details the planning and the tools involved in creating a secured computing environment for the data center, workplace, and home. With proper administrative knowledge, vigilance, and tools, systems running Linux can be both fully functional and secured from most common intrusion and exploit methods.

1. Document Conventions
1.1. Typographic Conventions
1.2. Pull-quote Conventions
1.3. Notes and Warnings
2. We Need Feedback!
1. Security Overview
1.1. Introduction to Security
1.1.1. What is Computer Security?
1.1.2. SELinux
1.1.3. Security Controls
1.1.4. Conclusion
1.2. Vulnerability Assessment
1.2.1. Thinking Like the Enemy
1.2.2. Defining Assessment and Testing
1.2.3. Evaluating the Tools
1.3. Attackers and Vulnerabilities
1.3.1. A Quick History of Hackers
1.3.2. Threats to Network Security
1.3.3. Threats to Server Security
1.3.4. Threats to Workstation and Home PC Security
1.4. Common Exploits and Attacks
1.5. Security Updates
1.5.1. Updating Packages
1.5.2. Verifying Signed Packages
1.5.3. Installing Signed Packages
1.5.4. Applying the Changes
2. Securing Your Network
2.1. Workstation Security
2.1.1. Evaluating Workstation Security
2.1.2. BIOS and Boot Loader Security
2.1.3. Password Security
2.1.4. Administrative Controls
2.1.5. Available Network Services
2.1.6. Personal Firewalls
2.1.7. Security Enhanced Communication Tools
2.2. Server Security
2.2.1. Securing Services With TCP Wrappers and xinetd
2.2.2. Securing Portmap
2.2.3. Securing NIS
2.2.4. Securing NFS
2.2.5. Securing the Apache HTTP Server
2.2.6. Securing FTP
2.2.7. Securing Sendmail
2.2.8. Verifying Which Ports Are Listening
2.3. Single Sign-on (SSO)
2.3.1. Introduction
2.3.2. Getting Started with your new Smart Card
2.3.3. How Smart Card Enrollment Works
2.3.4. How Smart Card Login Works
2.3.5. Configuring Firefox to use Kerberos for SSO
2.4. Pluggable Authentication Modules (PAM)
2.4.1. Advantages of PAM
2.4.2. PAM Configuration Files
2.4.3. PAM Configuration File Format
2.4.4. Sample PAM Configuration Files
2.4.5. Creating PAM Modules
2.4.6. PAM and Administrative Credential Caching
2.4.7. PAM and Device Ownership
2.4.8. Additional Resources
2.5. TCP Wrappers and xinetd
2.5.1. TCP Wrappers
2.5.2. TCP Wrappers Configuration Files
2.5.3. xinetd
2.5.4. xinetd Configuration Files
2.5.5. Additional Resources
2.6. Kerberos
2.6.1. What is Kerberos?
2.6.2. Kerberos Terminology
2.6.3. How Kerberos Works
2.6.4. Kerberos and PAM
2.6.5. Configuring a Kerberos 5 Server
2.6.6. Configuring a Kerberos 5 Client
2.6.7. Domain-to-Realm Mapping
2.6.8. Setting Up Secondary KDCs
2.6.9. Setting Up Cross Realm Authentication
2.6.10. Additional Resources
2.7. Virtual Private Networks (VPNs)
2.7.1. How Does a VPN Work?
2.7.2. VPNs and Fedora
2.7.3. IPsec
2.7.4. Creating an IPsec Connection
2.7.5. IPsec Installation
2.7.6. IPsec Host-to-Host Configuration
2.7.7. IPsec Network-to-Network Configuration
2.7.8. Starting and Stopping an IPsec Connection
2.8. Firewalls
2.8.1. Netfilter and IPTables
2.8.2. Basic Firewall Configuration
2.8.3. Using IPTables
2.8.4. Common IPTables Filtering
2.8.5. FORWARD and NAT Rules
2.8.6. Malicious Software and Spoofed IP Addresses
2.8.7. IPTables and Connection Tracking
2.8.8. IPv6
2.8.9. Additional Resources
2.9. IPTables
2.9.1. Packet Filtering
2.9.2. Differences Between IPTables and IPChains
2.9.3. Command Options for IPTables
2.9.4. Saving IPTables Rules
2.9.5. IPTables Control Scripts
2.9.6. IPTables and IPv6
2.9.7. Additional Resources
3. Encryption
3.1. Data at Rest
3.2. Full Disk Encryption
3.3. File Based Encryption
3.4. Data in Motion
3.5. Virtual Private Networks
3.6. Secure Shell
3.7. LUKS Disk Encryption
3.7.1. LUKS Implementation in Fedora
3.7.2. Manually Encrypting Directories
3.7.3. Step-by-Step Instructions
3.7.4. What you have just accomplished.
3.7.5. Links of Interest
3.8. 7-Zip Encrypted Archives
3.8.1. 7-Zip Installation in Fedora
3.8.2. Step-by-Step Installation Instructions
3.8.3. Step-by-Step Usage Instructions
3.8.4. Things of note
3.9. Using GNU Privacy Guard (GnuPG)
3.9.1. Creating GPG Keys in GNOME
3.9.2. Creating GPG Keys in KDE
3.9.3. Creating GPG Keys Using the Command Line
3.9.4. About Public Key Encryption
4. General Principles of Information Security
4.1. Tips, Guides, and Tools
5. Secure Installation
5.1. Disk Partitions
5.2. Utilize LUKS Partition Encryption
6. Software Maintenance
6.1. Install Minimal Software
6.2. Plan and Configure Security Updates
6.3. Adjusting Automatic Updates
6.4. Install Signed Packages from Well Known Repositories
7. References

Published under the terms of the Open Publication License