Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
ContentsContents
Security and Hardening Guide
  1. Preface
  2. 1 Security and confidentiality
  3. 2 Common Criteria
  4. I Authentication
    1. 3 Authentication with PAM
    2. 4 Using NIS
    3. 5 Setting up authentication clients using YaST
    4. 6 LDAP with 389 Directory Server
    5. 7 Network authentication with Kerberos
    6. 8 Active Directory support
    7. 9 Setting up a freeRADIUS server
  5. II Local security
    1. 10 Physical security
    2. 11 Automatic security checks with seccheck
    3. 12 Software management
    4. 13 File management
    5. 14 Encrypting partitions and files
    6. 15 Storage encryption for hosted applications with cryptctl
    7. 16 User management
    8. 17 Spectre/Meltdown checker
    9. 18 Configuring security settings with YaST
    10. 19 Authorization with PolKit
    11. 20 Access control lists in Linux
    12. 21 Certificate store
    13. 22 Intrusion detection with AIDE
  6. III Network security
    1. 23 X Window System and X authentication
    2. 24 SSH: secure network operations
    3. 25 Masquerading and firewalls
    4. 26 Configuring a VPN server
    5. 27 Managing a PKI with XCA, X certificate and key manager
    6. 28 Enabling FIPS 140-2
  7. IV Confining privileges with AppArmor
    1. 29 Introducing AppArmor
    2. 30 Getting started
    3. 31 Immunizing programs
    4. 32 Profile components and syntax
    5. 33 AppArmor profile repositories
    6. 34 Building and managing profiles with YaST
    7. 35 Building profiles from the command line
    8. 36 Profiling your Web applications using ChangeHat
    9. 37 Confining users with pam_apparmor
    10. 38 Managing profiled applications
    11. 39 Support
    12. 40 AppArmor glossary
  8. V SELinux
    1. 41 Configuring SELinux
  9. VI The Linux Audit Framework
    1. 42 Understanding Linux audit
    2. 43 Setting up the Linux audit framework
    3. 44 Introducing an audit rule set
    4. 45 Useful resources
  10. A Achieving PCI DSS compliance
  11. B GNU licenses
Navigation
Applies to SUSE Linux Enterprise Server 15 SP3

Part III Network security Edit source

23 X Window System and X authentication

Network transparency is one of the central characteristics of a Unix system. X, the windowing system of Unix operating systems, can use this feature in an impressive way. With X, it is no problem to log in to a remote host and start a graphical program that is then sent over the network to be displa…

24 SSH: secure network operations

In networked environments, it is often necessary to access hosts from a remote location. If a user sends login and password strings for authentication purposes as plain text, they could be intercepted and misused to gain access to that user account. This would open all the user's files to an attacker and the illegal account could be used to obtain administrator or root access, or to penetrate other systems. In the past, remote connections were established with telnet, rsh or rlogin, which offered no guards against eavesdropping in the form of encryption or other security mechanisms. There are other unprotected communication channels, like the traditional FTP protocol and some remote copying programs like rcp.

25 Masquerading and firewalls

Whenever Linux is used in a network environment, you can use the kernel functions that allow the manipulation of network packets to maintain a separation between internal and external network areas. The Linux netfilter framework provides the means to establish an effective firewall that keeps differ…

26 Configuring a VPN server

Today, Internet connections are cheap and available almost everywhere. However, not all connections are secure. Using a Virtual Private Network (VPN), you can create a secure network within an insecure network such as the Internet or Wi-Fi. It can be implemented in different ways and serves several purposes. In this chapter, we focus on the OpenVPN implementation to link branch offices via secure wide area networks (WANs).

27 Managing a PKI with XCA, X certificate and key manager

Managing your own public key infrastructure (PKI) is traditionally done with the openssl utility. For admins who prefer a graphical tool, SUSE Linux Enterprise 15.3 includes XCA, the X Certificate and Key management tool (http://hohnstaedt.de/xca).

XCA creates and manages X.509 certificates, certificate requests, RSA, DSA, and EC private keys, Smartcards, and certificate revocation lists (CRLs). XCA supports everything you need to create and manage your own certificate authority (CA). XCA includes customizable templates that can be used for certificate or request generation. This chapter describes a basic setup.

28 Enabling FIPS 140-2

The Federal Information Processing Standard 140-2 (FIPS 140-2) is a security standard for cryptographic modules. Modules are certified by the National Institute of Standards and Technology (NIST, see https://csrc.nist.gov/projects/cryptographic-module-validation-program). See https://www.suse.com/support/security/certifications/ for a list of certified modules.

Print this page