Securety

Hello!

I have just installed Redhat and have not used Linx before so I have some questions:

How do I get a good secuety running the newest RedHat?
How do I refuse All who tries to telnet to my computer and how do I accept only ssh? I like to run the apashe www-server and ftp server. And how do I give a oter user premission to add a new user (if he is not root>) ?
What is most important to get a good securety??
I like to run olwm. What shall I do t gret it to work?
a201Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

xtermCommented:
Thats a bunch of questions:
1)  Leave the securetty the way it is -- it won't allow root
    logins via telnet, and that is the way it should be.
2)  To refuse all telnets?  Just kill the in.telnetd process ID
3)  The Apache web server & WU-FTPD servers are standard (& easy)
4)  You could give another user UID 0 and he'd have root privs,
    but I highly recommend that you do NOT do this.
5)  The standard Window Manager that comes with RH 4.1 is
    FVWM2-95 (*gag*).  Just install Xview and associated
    packages, and change your xinitrc to olwm instead of
    fvwm.
0
a201Author Commented:
Can you tell me what to add where? (to refuse telnet and accept only ssh?) I'm just a beginner....


0
bencurCommented:
1. to refuse telnet logins you have to edit /etc/inetd.conf
  just find the line which begins with telnet (without hash#)
  and hash it. Then run :
  # killall -HUP inetd
            (or :
  # kill -HUP `pidof inetd`)
  the other way to do this is to edit /etc/hosts.deny
  add a this line there:
  in.telnetd:ALL
2. ftp daemon is a standard. you can install apache (if it's not)
  using rpm (in X glint).
3. to make a user who can create accounts:
  just create some speciall group (edit /etc/groups),
  and make a user the member of that group.
  Then set a group of program which is used to create users,
  to that group. Remove execution for everybody, let just owner     (root) and group (your_new_group) read and execute permissions.
  Then set it suid. You can do it with the command :
  # chmod 4750 /sbin/adduser    (or /sbin/useradd, I don't    remember). Suid attribute on owner means, that after execution, this program will run with the owners permissions.
4. To get a good security you should have only few accounts for     only trusted users, then you should use firewall (at least        setup /etc/hosts.{deny,allow}) and remove most of not usefull     SUID attributes from files on your system.
5. to run olwm install Xview package.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
a201Author Commented:
Thank You!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.