Securing Red Hat Linux >= 6.2
This tutorial covers some of the basics of securing Red Hat Linux. It doesn't currently cover RH 7.0.
It provides only the basics of securing Red Hat. Other things, such as fixing kernel vulnerabilities, are not covered.
1. The first thing that needs to be done is to stop all unnecessary services, such as PCMCIA. From a console, logged in as root, type setup.
2. Choose Services and stop the following (this will also speed up your computer):
sendmail
httpd
PCMCIA (don't shut this off on a laptop)
identd
named
netfs
nfslock
postgresql
portmap
rstatd
rusersd
rwalld
rwhod
snmpd
ypbind
yppasswdd
ypserv
Exit by choosing OK, and then choose Quit.
3. As root, using your favorite editor, open /etc/inetd.conf. Comment out everything (put a # at the start of each line), including the following:
telnet
talk
ntalk
shell
tftp
finger
auth
linuxconf
samba
4. Now comes the fancy part, using ipchains to keep people out of your systems.
Copy this to a file called rc.firewall and place it in /etc/rc.d/.
#!/bin/sh
# keep em outta my machine!!!
# Placeholder address: replace with your own IP address.
MYIP="192.0.2.10"
# auth / identd (113)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 113 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 113 -j DENY
# x-win (6000-6001)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 6000:6001 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 6000:6001 -j DENY
# amandaidx & amidxtape (10082-10083)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 10082:10083 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 10082:10083 -j DENY
# dec-notes (3333)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 3333 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 3333 -j DENY
# afpovertcp (548)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 548 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 548 -j DENY
# elite (31337)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 31337 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 31337 -j DENY
# portmap / sunrpc (111)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 111 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 111 -j DENY
# DNS (53)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 53 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 53 -j DENY
# printer / lpd (515)
/sbin/ipchains -A input -s 0.0.0.0/0 -p tcp -d $MYIP 515 -j DENY
/sbin/ipchains -A input -s 0.0.0.0/0 -p udp -d $MYIP 515 -j DENY
Add a line to the very top of /etc/rc.d/rc.local that looks like this:
/etc/rc.d/rc.firewall
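A check for step 3, as an added example that is not part of the original tutorial: this script lists the entries still active in an inetd.conf and marks the ones step 3 names. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit an inetd.conf.

# Services that step 3 names explicitly.
TUTORIAL_SERVICES="telnet talk ntalk shell tftp finger auth linuxconf samba"

# Print the service name (first field) of every line that is neither blank
# nor commented out; awk ignores leading whitespace when splitting fields.
enabled_inetd_services() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1" | sort -u
}

# Print the active services that the tutorial lists by name.
flagged_services() {
    for svc in $(enabled_inetd_services "$1"); do
        case " $TUTORIAL_SERVICES " in *" $svc "*) echo "$svc" ;; esac
    done
}

# Report on file $1; return 0 only when nothing is left enabled.
audit() {
    active=$(enabled_inetd_services "$1" | tr '\n' ' ')
    if [ -z "$active" ]; then
        echo "OK: no active entries in $1"
        return 0
    fi
    echo "Still active in $1: $active"
    echo "Named in step 3:    $(flagged_services "$1" | tr '\n' ' ')"
    return 1
}

# Constructed sample inetd.conf (hypothetical contents) written to path $1.
make_sample() {
    cat > "$1" <<'EOF'
#ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
telnet   stream tcp nowait root   /usr/sbin/tcpd in.telnetd
#shell   stream tcp nowait root   /usr/sbin/tcpd in.rshd
  finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
time     dgram  udp wait   root   internal
EOF
}

# With no argument, audit the constructed sample; otherwise the file given.
target="${1:-${TMPDIR:-/tmp}/inetd.sample.$$}"
[ -n "${1:-}" ] || make_sample "$target"
audit "$target" || echo "Comment out the entries above and re-run." >&2
[ -n "${1:-}" ] || rm -f "$target"
```

Saved under a name of your choice (audit_inetd.sh is an assumption), it runs as `sh audit_inetd.sh /etc/inetd.conf`. A clean file only takes effect once inetd rereads its configuration, which it does on SIGHUP or restart.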
Those are some of the basics of securing a Red Hat Linux box. They aren't the only things that need to be done. Check Red Hat's website for all security updates and kernel updates, and make sure that they are installed.
By Brad Davis