DOCSLIB.ORG

Thin Clients Section 2.4

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Thin Clients Section 2.4 Linux in a Windows World By Roderick W. Smith Publisher: O'Reilly Pub Date: February 2005 ISBN: 0-596-00758-2 Pages: 494 Table of • Contents • Index • Reviews Reader The latest in O'Reilly's line of bestselling Linux titles, Linux in a Windows • Reviews World is an invaluable companion for any system administrator interested • Errata in integrating Linux into their Windows environment. This book takes an • Academic in-depth look at exactly how Linux can be brought into an organization that's currently based on Microsoft Windows systems. Featuring a litany of insider tips and techniques, Linux in a Windows World dispenses all the practical advice you need to migrate to this revolutionary open source software. Linux in a Windows World By Roderick W. Smith Publisher: O'Reilly Pub Date: February 2005 ISBN: 0-596-00758-2 Pages: 494 Table of • Contents • Index • Reviews Reader • Reviews • Errata • Academic Copyright Dedication Preface Audience Contents of This Book Conventions Used in This Book Using Code Examples Comments and Questions Safari Enabled Acknowledgments Part I: Linux's Place in a Windows Network Chapter 1. Linux's Features Section 1.1. Where Linux Fits in a Network Section 1.2. Linux as a Server Section 1.3. Linux on the Desktop Section 1.4. Comparing Linux and Windows Features Section 1.5. Summary Chapter 2. Linux Deployment Strategies Section 2.1. Linux Server Options Section 2.2. Linux Desktop Migration Section 2.3. Linux and Thin Clients Section 2.4. Summary Part II: Sharing Files and Printers Chapter 3. Basic Samba Configuration Section 3.1. Installing Samba Section 3.2. The Samba Configuration File Format Section 3.3. Identifying the Server Section 3.4. Setting Master Browser Options Section 3.5. Setting Password Options Section 3.6. Summary Chapter 4. File and Printer Shares Section 4.1. Common File Share Options Section 4.2. Printing with CUPS Section 4.3. Creating a Printer Share Section 4.4. Delivering Printer Drivers to Windows Clients Section 4.5. Example Shares Section 4.6. Summary Chapter 5. Managing a NetBIOS Network with Samba Section 5.1. Enabling Domain Controller Functions Section 5.2. Enabling NBNS Functions Section 5.3. Assuming Master Browser Duties Section 5.4. Summary Chapter 6. Linux as an SMB/CIFS Client Section 6.1. Using NetBIOS Name Resolution Section 6.2. Accessing File Shares Section 6.3. Printing to Printer Shares Section 6.4. Configuring GUI Workgroup Browsers Section 6.5. Summary Part III: Centralized Authentication Tools Chapter 7. Using NT Domains for Linux Authentication Section 7.1. The Principles Behind Winbind Section 7.2. Samba Winbind Configuration Section 7.3. PAM and NSS Winbind Options Section 7.4. Winbind in Action Section 7.5. Summary Chapter 8. Using LDAP Section 8.1. The Principles Behind LDAP Section 8.2. Configuring an OpenLDAP Server Section 8.3. Creating a User Directory Section 8.4. Configuring Linux to Use LDAP for Login Authentication Section 8.5. Configuring Windows to Use LDAPfor Login Authentication Section 8.6. Summary Chapter 9. Kerberos Configuration and Use Section 9.1. Kerberos Fundamentals Section 9.2. Linux Kerberos Server Configuration Section 9.3. Kerberos Application Server Configuration Section 9.4. Linux Kerberos Client Configuration Section 9.5. Windows Kerberos Tools Section 9.6. Summary Part IV: Remote Login Tools Chapter 10. Remote Text-Mode Administration and Use Section 10.1. What Can Text-Mode Logins Do? Section 10.2. SSH Server Configuration Section 10.3. Telnet Server Configuration Section 10.4. Windows Remote-Login Tools Section 10.5. Summary Chapter 11. Running GUI Programs Remotely Section 11.1. What Can GUI Logins Do? Section 11.2. Using Remote X Access Section 11.3. Encrypting X by SSH Tunneling Section 11.4. VNC Configuration and Use Section 11.5. Running Windows Programs from Linux Section 11.6. Summary Chapter 12. Linux Thin Client Configurations Section 12.1. The Role of Thin Client Computing Section 12.2. Hardware Requirements Section 12.3. Linux as a Server for Thin Clients Section 12.4. Linux as a Thin Client Section 12.5. Summary Part V: Additional Server Programs Chapter 13. Configuring Mail Servers Section 13.1. Linux Mail Server Options Section 13.2. Configuring Sendmail Section 13.3. Configuring Postfix Section 13.4. Configuring POP and IMAP Servers Section 13.5. Scanning for Spam, Worms, and Viruses Section 13.6. Supplementing a Microsoft Exchange Server Section 13.7. Using Fetchmail Section 13.8. Summary Chapter 14. Network Backups Section 14.1. Backup Strategies Section 14.2. Backing Up the Linux System Section 14.3. Backing Up with Samba Section 14.4. Backing Up with AMANDA Section 14.5. Summary Chapter 15. Managing a Network with Linux Section 15.1. Delivering IP Addresses with DHCP Section 15.2. Delivering Names with DNS Section 15.3. Keeping Clocks Synchronized with NTP Section 15.4. Summary Part VI: Appendixes Appendix A. Configuring PAM Section A.1. PAM Principles Section A.2. The PAM Configuration File Format Section A.3. PAM Modules Section A.4. Sample PAM Configurations Section A.5. Summary Appendix B. Linux on the Desktop Section B.1. Linux Desktop Applications for All Occasions Section B.2. Configuring Applications and Environments Section B.3. Running Windows Programs in Linux Section B.4. File and Filesystem Compatibility Section B.5. Font Handling Section B.6. Summary Colophon Index Copyright © 2005 O'Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. The Linux series designations, Linux in a Windows World, images of the American West, and related trade dress are trademarks of O'Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. Dedication This book is for Theo. May his Apatosaurs, Dilophosaurs, and Gigantosaurs forever be his friends. Preface Hardly a day goes by when Linux doesn't make the news. Judging by the buzz, you might think that Linux is poised for world dominationthe stated goal for Linux in a now-famous quip by its creator, Linus Torvalds. In truth, Linux still faces numerous challenges before it can dominate the computing world, much less the world at large. One of these challenges is the huge installed base of Microsoft Windows systems. As a practical matter, Linux must coexist with these systems. Indeed, the challenge of coexisting with Windows can be viewed as an opportunity: Linux can be integrated into a Windows network, providing a reliable and low-cost platform on which to run vital services for Windows systems, or even serving as a workstation on an otherwise Windows-dominated network. This book is dedicated to describing this opportunity for Linux. If you're reading this Preface, chances are you work with a Windows-dominated network but know something about Linux and wonder how you can best use Linux to improve your Windows network. In broad strokes, you can replace Windows servers, supplement Windows servers with Linux servers, use Linux to implement new services you don't currently run, deploy Linux-based thin clients, or migrate some or all of your Windows desktop systems to Linux. This book provides guidance about how to accomplish these tasks, with an emphasis on Linux in the role of network server operating system (OS). This book will help you reduce costs and improve reliability by describing how several common Linux programs and protocolsSamba, OpenLDAP, VNC, BIND, and so oncan be integrated into a Windows network. This book provides enough information to get any of these programs up and running, provided you've already got a working Linux system. Of course, a book of this size can't cover every detail; if you need to do very complex things, you'll need to consult other books or documentation. The relevant chapters provide pointers. Audience I've written this book with an administrator of a Windows network in mind, but with the assumption that you know the basics of Linux system administration. You might be uncertain of the details as to where Linux might fit into your network or how to get started configuring particular Linux server programs. That's where this book can help: it introduces the most cost-effective ways to add Linux to your network and describes the basics of how to get started configuring specific servers. If you're not already familiar with basic Linux system administration, you should consult a book on the topic, such as Running Linux (O'Reilly) or Linux System Administration (Sybex). Such books will help you with tasks ranging from installing Linux to recompiling your kernel. You should be familiar with networking basics. Although I sometimes provide brief overviews of important prerequisite knowledge, this book doesn't dwell on the details of the TCP/IP stack or how best to lay out a network.
Load more

Recommended publications
  • THINC: a Virtual and Remote Display Architecture for Desktop Computing and Mobile Devices
    THINC: A Virtual and Remote Display Architecture for Desktop Computing and Mobile Devices Ricardo A. Baratto Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and Sciences COLUMBIA UNIVERSITY 2011 c 2011 Ricardo A. Baratto This work may be used in accordance with Creative Commons, Attribution-NonCommercial-NoDerivs License. For more information about that license, see http://creativecommons.org/licenses/by-nc-nd/3.0/. For other uses, please contact the author. ABSTRACT THINC: A Virtual and Remote Display Architecture for Desktop Computing and Mobile Devices Ricardo A. Baratto THINC is a new virtual and remote display architecture for desktop computing. It has been designed to address the limitations and performance shortcomings of existing remote display technology, and to provide a building block around which novel desktop architectures can be built. THINC is architected around the notion of a virtual display device driver, a software-only component that behaves like a traditional device driver, but instead of managing specific hardware, enables desktop input and output to be intercepted, manipulated, and redirected at will. On top of this architecture, THINC introduces a simple, low-level, device-independent representation of display changes, and a number of novel optimizations and techniques to perform efficient interception and redirection of display output. This dissertation presents the design and implementation of THINC. It also intro- duces a number of novel systems which build upon THINC's architecture to provide new and improved desktop computing services. The contributions of this dissertation are as follows: • A high performance remote display system for LAN and WAN environments.
    [Show full text]
  • Karelia-Ammattikorkeakoulu Työasemien Muuttaminen
    KARELIA-AMMATTIKORKEAKOULU Tietotekniikan koulutusohjelma Jouni Nevalainen TYÖASEMIEN MUUTTAMINEN LINUX-KEVYTPÄÄTTEIKSI OUNEVA GROUPISSA Opinnäytetyö Huhtikuu 2013 OPINNÄYTETYÖ Huhtikuu 2013 Tietotekniikan koulutusohjelma Karjalankatu 3 80200 JOENSUU p. (013) 260 6800 Tekijä Jouni Nevalainen Nimeke Työasemien muuttaminen Linux-kevytpäätteiksi Ouneva Groupissa Toimeksiantaja Ouneva Group Tiivistelmä Työpöytävirtualisointi on oikein toteutettuna tehokas keino säästää tietotekniikan ylläpito- ja laitekustannuksissa. Palvelimilla suoritettavat ohjelmat hyödyntävät laitteistoresursseja tehokkaasti ja työasemina voidaan käyttää iäkkäitäkin tietokoneita. Tässä opinnäytetyössä tutkittiin mahdollisuutta muuttaa tehdasympäristössä Windows XP -työasemat Linux-pohjaisiksi MS Remote Desktop Services -päätteiksi. Muutoksen tuli olla käyttäjille huomaamaton. Tärkeimpänä tavoitteena oli vähentää työasemien ylläpitoon kuluvaa aikaa. Tätä varten päätejärjestelmässä oli oltava mahdollisuus hallita työasemien asetuksia keskitetysti. Eri toteutustapoja arvioitiin näitä vaatimuksia vasten ja rakennettiin vaatimukset täyttävä päätejärjestelmä. Kutakin päätejärjestelmää testattiin ensin virtuaalisesti. Näin pyrittiin löytämään ja ratkaisemaan mahdolliset ongelmat ennen varsinaista koekäyttöä. Tehtaassa tapahtunutta koekäyttöä varten perustettiin tarpeelliset palvelimet ja otettiin päätejärjestelmät käyttöön yhdessä tai useammassa työasemassa. Saatujen kokemusten perusteella arvioitiin järjestelmien käyttökelpoisuutta. Työn lopputuloksena syntyi ohutpääteratkaisu,
    [Show full text]
  • Version 7.8-Systemd
    Linux From Scratch Version 7.8-systemd Created by Gerard Beekmans Edited by Douglas R. Reno Linux From Scratch: Version 7.8-systemd by Created by Gerard Beekmans and Edited by Douglas R. Reno Copyright © 1999-2015 Gerard Beekmans Copyright © 1999-2015, Gerard Beekmans All rights reserved. This book is licensed under a Creative Commons License. Computer instructions may be extracted from the book under the MIT License. Linux® is a registered trademark of Linus Torvalds. Linux From Scratch - Version 7.8-systemd Table of Contents Preface .......................................................................................................................................................................... vii i. Foreword ............................................................................................................................................................. vii ii. Audience ............................................................................................................................................................ vii iii. LFS Target Architectures ................................................................................................................................ viii iv. LFS and Standards ............................................................................................................................................ ix v. Rationale for Packages in the Book .................................................................................................................... x vi. Prerequisites
    [Show full text]
  • Pluggable Authentication Modules
    Who this book is written for This book is for experienced system administrators and developers working with multiple Linux/UNIX servers or with both UNIX and Pluggable Authentication Windows servers. It assumes a good level of admin knowledge, and that developers are competent in C development on UNIX-based systems. Pluggable Authentication Modules PAM (Pluggable Authentication Modules) is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. The PAM framework is widely used by most Linux distributions for authentication purposes. Modules Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX. This book provides a practical approach to UNIX/Linux authentication. The design principles are thoroughly explained, then illustrated through the examination of popular modules. It is intended as a one-stop introduction and reference to PAM. What you will learn from this book From Technologies to Solutions • Install, compile, and configure Linux-PAM on your system • Download and compile third-party modules • Understand the PAM framework and how it works • Learn to work with PAM’s management groups and control fl ags • Test and debug your PAM confi guration Pluggable Authentication Modules • Install and configure the pamtester utility
    [Show full text]
  • BSD UNIX Toolbox 1000+ Commands for Freebsd, Openbsd
    76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iii BSD UNIX® TOOLBOX 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD®Power Users Christopher Negus François Caen 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page ii 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page i BSD UNIX® TOOLBOX 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page ii 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iii BSD UNIX® TOOLBOX 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD®Power Users Christopher Negus François Caen 76034ffirs.qxd:Toolbox 4/2/08 12:50 PM Page iv BSD UNIX® Toolbox: 1000+ Commands for FreeBSD®, OpenBSD, and NetBSD® Power Users Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-0-470-37603-4 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 Library of Congress Cataloging-in-Publication Data is available from the publisher. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permis- sion should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.
    [Show full text]
  • Credssp Required by Server – Solutions
    CredSSP required by server – Solutions https://www.syskit.com/blog/credssp-required-b... PRODUCTS COMPANY PARTNERS CUSTOMERS SUPPORT Home > Blog > SysKit Monitor > CredSSP required by server – Solutions CredSSP required by server – Solutions Published: May 16, 2017 Published in: SysKit Monitor Author: Silvio Rahle Failed to connect, CredSSP required by server is an error line returned when trying to connect remotely to a Windows machine using RDP version 6 or newer with the Rdesktop client. It represents a frequent problem for Windows and Linux administrators alike. Rdesktop client is UNIX based client software for Microsoft’s Remote Desktop Protocol. It is commonly used on ReactOS and Linux installations to connect to Windows machines running Remote Desktop Services, which often leads to the CredSSP required by server error. Why does it happen? All Windows clients have a credential cache used for authentication against services in a network called NTLM or Windows NT LAN Manager. RDP supports SSO (single sign-on) authentication enabling a user to log in with a single ID and password to gain access to a connected system. However, Linux clients do not support this type of authentication and they require that credentials are provided, either via a Rdesktop command line or via a login window when initiating the remote session. Linux has Kerberos, which is an authentication mechanism for requesting access to 1 of 5 9/26/17, 9:38 PM CredSSP required by server – Solutions https://www.syskit.com/blog/credssp-required-b... PRODUCTS COMPANY PARTNERS CUSTOMERS SUPPORT Granting Ticket), which is used to access other services, such as RDP.
    [Show full text]
  • Courtesy of SAMAG, 11-2005 ( Anton Borisov Тонкий Клиент
    Courtesy of SAMAG, 11-2005 (http://www.samag.ru) Anton Borisov Тонкий клиент - шаг к “мэйнфреймам”? Когда-то терминалы подключались к мощным серверам и обработка информации происходила на мэйнфреймах. Затем появились достаточно мощные ПЭВМ и информация стала обрабатываться на рабочих местах. Похоже история любит повторяться, но сегодня уже в зеркальном отражении - становится опять экономически выгодно использовать “мэйнфреймы” с подключением легких терминалов - тонких клиентов. Как показывает практика, чем сложнее становится система, тем больше усилий требуется на поддержание ее в рабочем состоянии. В то же время, становится очевидной специализация тех или иных бизнес-процессов. Можно уже четко определить, какие конкретно ресурсы требуются определенным пользователям для решения их бизнес-задач. Исходя из указанных предпосылок данным пользователям следует выделить необходимый конкретно им инструментарий, но не более того. Кроме этого, установку (а в дальнейшем и обновление) пакетов прикладных программ, хранение электронной документации также рациональнее вести в одином месте – на производительном терминальном сервере. Таким образом, проведя анализ потоков данных и выяснив структуру документооборота, предприятие может попробовать преобразовать структуру рабочих мест. Из названия следует, что ориентир сделан на создание тонких клиентов, т.е. создание ПЭВМ, которые отображают выполнение програмного обеспечения на серверной стороне, при этом, будучи клиентской частью, могут быть совершенно облегченными. Под облегченностью понимается как использование
    [Show full text]
  • Security Guide
    Fedora 19 Security Guide A Guide to Securing Fedora Linux Johnray Fuller John Ha David O'Brien Scott Radvan Eric Christensen Adam Ligas Murray McAllister Scott Radvan Daniel Walsh Security Guide Dominick Grift Eric Paris James Morris Fedora 19 Security Guide A Guide to Securing Fedora Linux Edition 19.1 Author Johnray Fuller [email protected] Author John Ha [email protected] Author David O'Brien [email protected] Author Scott Radvan [email protected] Author Eric Christensen [email protected] Author Adam Ligas [email protected] Author Murray McAllister [email protected] Author Scott Radvan [email protected] Author Daniel Walsh [email protected] Author Dominick Grift [email protected] Author Eric Paris [email protected] Author James Morris [email protected] Copyright © 2007-2013 Fedora Project Contributors. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
    [Show full text]
  • SUSE Linux Enterprise Server 15 SP2 Security and Hardening Guide Security and Hardening Guide SUSE Linux Enterprise Server 15 SP2
    SUSE Linux Enterprise Server 15 SP2 Security and Hardening Guide Security and Hardening Guide SUSE Linux Enterprise Server 15 SP2 Introduces basic concepts of system security, covering both local and network security aspects. Shows how to use the product inherent security software like AppArmor, SELinux, or the auditing system that reliably collects information about any security-relevant events. Supports the administrator with security-related choices and decisions in installing and setting up a secure SUSE Linux Enterprise Server and additional processes to further secure and harden that installation. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its
    [Show full text]
  • Download Article
    Advances in Computer Science Research (ACRS), volume 54 International Conference on Computer Networks and Communication Technology (CNCT2016) Research and Implementation of RDP Proxy Proxy-based Audit System 1 2, 3 Xiao-Liang ZHANG , Xiao-Yu WU and Wu-Xia ZHANG 1,2,3 School of Computer Science and Technology North China Electric Power University Beijing, China [email protected] Keywords: RDP protocol, The agency agreement, The audit system, The operation playback, Security. Abstract. Using the Windows RDP protocol developed by Microsoft Inc to connect and operate the remote machines which base on the same system become a trend. However, the RDP has caused many security problems. It is necessary to design and implement a audit system to ensure the system’s security and guarantee the machines run correctly. It points out improper methods than before and accomplishes the RDP proxy proxy-based audit system to solve the problems. Introduction The expansion of Business Scale have a influence on the working place and implementation in the different workplaces. The operator operate the remote servers in accordance with RDP protocol. RDP provides a graphical interface to help the maintain staffs interact with the remote server system. In comparison to the former, the operations become easier and the efficiency of workers' operation become better[1]. Using the remote desktop client we can connect any server that support the remote control and can decrease the workload. Remote desktop procedure just convey the information of the user’s mouse, keyboard and other device to the remote server system and never involved in the data processing, so that the level of hardware requirements commonly.
    [Show full text]
  • Guide to the Secure Configuration of Red Hat Enterprise Linux 5
    Guide to the Secure Configuration of Red Hat Enterprise Linux 5 Revision 4.2 August 26, 2011 Operating Systems Division Unix Team of the Systems and Network Analysis Center National Security Agency 9800 Savage Rd. Suite 6704 Ft. Meade, MD 20755-6704 2 Warnings Do not attempt to implement any of the recommendations in this guide without first testing in a non- production environment. This document is only a guide containing recommended security settings. It is not meant to replace well- structured policy or sound judgment. Furthermore this guide does not address site-specific configuration concerns. Care must be taken when implementing this guide to address local operational and policy concerns. The security changes described in this document apply only to Red Hat Enterprise Linux 5. They may not translate gracefully to other operating systems. Internet addresses referenced were valid as of 1 Dec 2009. Trademark Information Red Hat is a registered trademark of Red Hat, Inc. Any other trademarks referenced herein are the property of their respective owners. Change Log Revision 4.2 is an update of Revision 4.1 dated February 28, 2011. Added section 2.5.3.1.3, Disable Functionality of IPv6 Kernel Module Through Option. Added discussion to section 2.5.3.1.1, Disable Automatic Loading of IPv6 Kernel Module, indicating that this is no longer the preferred method for disabling IPv6. Added section 2.3.1.9, Set Accounts to Disable After Password Expiration. Revision 4.1 is an update of Revision 4 dated September 14, 2010. Added section 2.2.2.6, Disable All GNOME Thumbnailers if Possible.
    [Show full text]
  • Security Guide Security Guide SUSE Linux Enterprise Server 12 SP4
    SUSE Linux Enterprise Server 12 SP4 Security Guide Security Guide SUSE Linux Enterprise Server 12 SP4 Introduces basic concepts of system security, covering both local and network security aspects. Shows how to use the product inherent security software like AppArmor or the auditing system that reliably collects information about any security-relevant events. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xvi 1 Available Documentation xvi 2 Giving Feedback xviii 3 Documentation Conventions xviii 4 Product Life Cycle
    [Show full text]