I want to know is there any secruity hole in my system , eg . the service port released , insecure files , files permission .... etc , is there any software can help to check it ? thx

This has been asked several times ....

You can use nmap, nessus

You can use the services of grc.com, sygate.com

thx reply , i never have experience to use this tools , before I run it , what I need to prepare , eg. stop the services , backup the data files .. etc.
besides , except scan the system , will the tools update any files in my system ? if yes , I think I need backup sth first .

well you don't really need to backup files to install and run nmap. With nessus, you will have to start the nessusd daemon and run the nessus client.

grc.com , sygate.com will scan your pc from outside your firewall and determine weaknesses, if any.

the nmap seems come with the rh8 , can I use it , or d/l one from the internet ? thx

Just use the nmap which came with your rh. Note: If you don't want to use the
command line version, just start a shell under your favourite gui and type
'xnmap' for a graphical version.

HTH

Talking network testing, Nessus in this case definately will give you more feedback on what's actually running, but IMHO for securing a system you should start inside-out. If host security is bad, then whatever you do to secure network access isn't built on a solid basis. For testing before and during securing a system I prefer using my own checklist and general purpose tools like Tiger and Lsat (USAT on Sourceforge). Don't forget to grab a CERT checklist as it'll most definately will save you time. Come to think of it, some people actually might like to use Bastille-Linux, and if you're new to Linux it'll save you even more time.