Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm seeing a lot of helpful threads in the forum which offer suggestions and links to external sites about doing an iptable configuration. And that's fine. But I wonder, do I need to run any iptable scripts or make any changes? Is the default firewall setup on the various versions of Red Hat, particularly RHEL 3 enough? Is it secure enough or do I need to learn about working in command line directly with iptables. I'd like to just click "Enable firewall" and feel secure..Is that realistic for home office use..What is the security level provided by a default firewall in RH. Thanks for any feedback.
You can use a program called nmap (usually bundled with Linux distributions for security). Go to console mode (open a terminal) and type in nmap localhost. That will scan all your ports and provide a statistic on which ports are opened and which are filtered or masked. This way you can answer your own question on how secure the firewall actually is. If you are not running any servers all ports should be closed or filtered (to allow only specific IPs).
Post your nmap results here and we'll tell you if you are secure or not
Thanks for your response. Okay my nmap localhost results are as follows. First the results say that the 1598 ports scanned but not shown below are in closed state. And then I see..
Port State Service
22/tcp open ssh
631/tcp open ipp
6000/tcp open X11
What's the nature of your connection to the Internet? If you're behind a DSL modem or something else that does Network Address Translation, then you're in the clear anyway. The port 22 ssh isn't going to cause you problems because people have to attach with an SSH-enabled client and log in using a valid login. If you have an obvious password for root, then you'd want to close that port or pick a better password.
Someone with more experience is going to have to give you word on ipp, I don't recognize that service.
The X11 port probably isn't necessary to be open unless you want to run X remotely.
You can close port 631. Also for the root password for ssh, disable root login immediately, allowing root login is very very dangerous and not recommended. Login with your username and then su to root.
There's not really a way *at least that I know of* that disables a login so that another login must be used initially for normal accounts. In any case, there's really no need to do such a thing. If you have an account called "jmcraig" that you want to restrict certain rights, use chroot. Other possibilities are using a shell that has limited rights already and customizing it.
Aka Shiva,
port 631 is ipp which is internet printing protocol. Cups does use this but i was pretty darn sure (like 99.9%) that he didn't have a printer attached to his computer? Why was I sure...i have no idea . Ok, so let me correct myself....if you have a printer attached, block port 631 from the outside world but let your lan see it.
Thanks for everyone's responses. Sorry for my own delay here..
JMCraig, thanks for your feedback. I have no need to access X remotely. How do I close or blocak that port 6000? In one instance I am behind a hardware firewall anyway so I guess you would call that "in the clear". Do you mean clear as in safe or wide open? I assume you mean safe...
Thanks twantrd for the feedback about port 631. How do I close that port? Actually I do have a printer which I like to attach to the machine to print files so I am interested in your suggestion about blocking it from the outside but leaving it open on a lan.
About the hardware firewall..Of course that won't be present when I connect to the internet using the wireless card from some other location than my office. Which is why I am asking about Red Hat's software firewall.
Since you want to run that service but not allow outside connections to that port, look at iptables. Documentation is everywhere on the internet. Let us know if you need additional help.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.