[linux] securing RHEL5 for UWMedicine network

Daniel Thomas Nevistic dan22 at u.washington.edu
Fri Mar 28 14:51:33 PDT 2008


The remote tools: {ssh, scp, and sftp}, which are all part of the OpenSSH
package are all ready to go. If you are having trouble with them, make
sure that port 22 is open. I am not sure how to do that, since I have
never encountered a system where that was not done for me!

Google searching and forums are a great place to look for help like: "open
port 22"

Read the man pages to learn how to use ssh &c.

i.e.: man scp

A few simple examples:

Client side:

ssh <user-name>@domain.com -X
:: use a capital X to forward the graphical user interface (GUI); Lower
case 'x' will disable the GUI forwarding.

sftp <user-name>@domain
sftp> put tmp.dat
sftp> get file.txt
sftp> exit

Server side:

sshd (the ssh daemon or "background process.") will answer all ssh, scp &
sftp requests, sending the info. through port 22.

Also - if you need quick grapical sessions, you can try FreeNX, by
no-machine. I have not used it myself yet, but have been tempted to try
it, since using MATLAB remotely is generally pretty slow. My solution has
been to not invoke the MATLAB GUI: matlab -nojvm

The firewall will be started automatically at boot-up.

I really don't know what other security that you need. Are you running a
webserver? If so, and you have sensitive information, you should use
OpenSSL to encrypt it. Read the: man ssl/openssl manual pages for more
info.

SSL incryption is why sometimes you see https in the web browser.

You could install an anti-virus program if you want. I have never
installed one on a linux box, but I would assume that it is easy, and
probably free.

For SAN storage, not really sure what you need. Can't you use sftp/scp to
transfer your data?

Good luck!

Daniel Nevistic
Electrical Engineering
University of Washington
206.818.1127

"How beautiful are the feet of those who bring good news!" -Romans 10

On Wed, 26 Mar 2008, Joshua Daniel Franklin wrote:

// Tony Black wrote:
// > I have a RHEL5 workstation that I would like to put on the UWMedicine
// > network and join to the AMC domain. Being new to Linux, I am a bit baffled
// > by what is required to:
// >
// > - firewall the machine and/or provide intrusion detection
// > - provide for secure remote login
// > - provide access to secure SANs in the AMC domain
// > - jump through the various hoops to complete the Security Cetification
// >
// > If any of you have ever completed the Security Cetification for a RHEL
// > workstation, or can provide any guidance on the above issues, please let me
// > know.
//
// What certification guide are you using? EL5 includes a
// firewall and ssh remote login by defaults.
//
// For basic tasks like joining a domain I would recommend the
// Deployment Guide:
// http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/index.html
//
// There are also other manuals and PDF downloads here:
//
// http://www.redhat.com/docs/manuals/enterprise/
//
//



More information about the Linux mailing list