Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com › SUSE Linux Enterprise Server-Dokumentation › Security Guide › Local Security
ContentsContents
Security Guide
  1. About This Guide
  2. 1 Security and Confidentiality
  3. I Authentication
    1. 2 Authentication with PAM
    2. 3 Using NIS
    3. 4 Setting Up Authentication Servers and Clients Using YaST
    4. 5 LDAP—A Directory Service
    5. 6 Network Authentication with Kerberos
    6. 7 Active Directory Support
  4. II Local Security
    1. 8 Configuring Security Settings with YaST
    2. 9 Authorization with PolKit
    3. 10 Access Control Lists in Linux
    4. 11 Encrypting Partitions and Files
    5. 12 Certificate Store
    6. 13 Intrusion Detection with AIDE
  5. III Network Security
    1. 14 X Window System and X Authentication
    2. 15 SSH: Secure Network Operations
    3. 16 Masquerading and Firewalls
    4. 17 Configuring a VPN Server
    5. 18 Managing X.509 Certification
  6. IV Confining Privileges with AppArmor
    1. 19 Introducing AppArmor
    2. 20 Getting Started
    3. 21 Immunizing Programs
    4. 22 Profile Components and Syntax
    5. 23 AppArmor Profile Repositories
    6. 24 Building and Managing Profiles with YaST
    7. 25 Building Profiles from the Command Line
    8. 26 Profiling Your Web Applications Using ChangeHat
    9. 27 Confining Users with pam_apparmor
    10. 28 Managing Profiled Applications
    11. 29 Support
    12. 30 AppArmor Glossary
  7. V SELinux
    1. 31 Configuring SELinux
  8. VI The Linux Audit Framework
    1. 32 Understanding Linux Audit
    2. 33 Setting Up the Linux Audit Framework
    3. 34 Introducing an Audit Rule Set
    4. 35 Useful Resources
  9. A Achieving PCI-DSS Compliance
  10. B GNU-Lizenzen
Navigation
documentation.suse.com › SUSE Linux Enterprise Server-Dokumentation › Security Guide › Local Security
Top
Applies to SUSE Linux Enterprise Server 15

Part II Local Security

8 Configuring Security Settings with YaST

The YaST module Security Center and Hardening offers a central clearinghouse to configure security-related settings for SUSE Linux Enterprise Server. Use it to configure security aspects such as settings for the login procedure and for password creation, for boot permissions, user creation or for default file permissions. Launch it from the YaST control center by Security and Users › Security Center and Hardening. The Security Center dialog always starts with the Security Overview, and other configuration dialogs are available from the right pane.

9 Authorization with PolKit

PolKit (formerly known as PolicyKit) is an application framework that acts as a negotiator between the unprivileged user session and the privileged system context. Whenever a process from the user session tries to carry out an action in the system context, PolKit is queried. Based on its configuration—specified in a so-called policy—the answer could be yes, no, or needs authentication. Unlike classical privilege authorization programs such as sudo, PolKit does not grant root permissions to an entire session, but only to the action in question.

10 Access Control Lists in Linux

POSIX ACLs (access control lists) can be used as an expansion of the traditional permission concept for file system objects. With ACLs, permissions can be defined more flexibly than with the traditional permission concept.

11 Encrypting Partitions and Files

Encrypting files, partitions, and entire disks prevents unauthorized access to your data and protects your confidential files and documents.

12 Certificate Store

Certificates play an important role in the authentication of companies and individuals. Usually certificates are administered by the application itself. In some cases, it makes sense to share certificates between applications. The certificate store is a common ground for Firefox, Evolution, and NetworkManager. This chapter explains some details.

13 Intrusion Detection with AIDE

Securing your systems is a mandatory task for any mission-critical system administrator. Because it is impossible to always guarantee that the system is not compromised, it is very important to do extra checks regularly (for example with cron) to ensure that the system is still under your control. This is where AIDE, the Advanced Intrusion Detection Environment, comes into play.

Chapter 8 Configuring Security Settings with YaSTChapter 7 Active Directory Support
Print this page

© 2020 SUSE