(We need to replace nameserver with the TCP/IP address of our nameserver.) Now our name server queries should work again. Here’s what our rules look like:

    # iptables -L -v
    Chain INPUT (policy DROP 26 packets, 2276 bytes)
     pkts bytes target  prot opt in    out  source           destination
        0     0 ACCEPT  tcp  --  eth0  any  192.168.10.0/24  anywhere     tcp dpt:http
        0     0 DROP    tcp  --  any   any  192.168.1.57     anywhere     tcp dpts:ftp-data:ftp
        0     0 ACCEPT  tcp  --  any   any  192.168.1.0/24   anywhere     tcp dpts:ftp-data:ftp
        0     0 ACCEPT  all  --  any   any  nameserver       anywhere     tcp dpts:domain

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target  prot opt in    out  source           destination

    Chain OUTPUT (policy ACCEPT 1190 packets, 430K bytes)
     pkts bytes target  prot opt in    out  source           destination

Once we’ve configured our rules, we need to make sure that they work as expected. In this example, we’d try ftp and Web server access from different hosts to see that they were allowed or blocked as required.

Once we’re happy with the rules, we need to save them so that they will be reactivated if the machine is rebooted. We do this with the following command:

    # service iptables save

Security Awareness

The final part of this chapter deals with “softer” security concerns, such as maintaining awareness of security issues.

Security Alerts

Security problems with software are found and fixed on an almost daily basis. It is important to be aware of any security vulnerabilities that affect software you have running on your system as soon as they are discovered.

Perhaps the easiest way to do this is to subscribe to a security alert service. Red Hat provides its own through the Red Hat Network, which we mentioned earlier, and it is very useful because you will be notified only of problems that affect the RPMs that you have installed on your system. You’ll also get notified immediately if there’s an update to a Red Hat supplied RPM that you’ve just installed.
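Returning to the step of testing the firewall rules from different hosts: it helps to write down beforehand what each test should show. The following added example (not from the original text) models first-match evaluation over the INPUT chain listing shown earlier and flags rules that an earlier rule would shadow. The address 192.0.2.53 standing in for nameserver and all function names are assumptions, and only TCP packets are modelled.

```python
import ipaddress

# Rule lines copied from the INPUT chain listing above; "nameserver" is replaced
# by 192.0.2.53, a constructed documentation address (assumption).
LISTING = """\
0 0 ACCEPT tcp -- eth0 any 192.168.10.0/24 anywhere tcp dpt:http
0 0 DROP tcp -- any any 192.168.1.57 anywhere tcp dpts:ftp-data:ftp
0 0 ACCEPT tcp -- any any 192.168.1.0/24 anywhere tcp dpts:ftp-data:ftp
0 0 ACCEPT all -- any any 192.0.2.53 anywhere tcp dpts:domain
"""
SERVICES = {"ftp-data": 20, "ftp": 21, "domain": 53, "http": 80}
POLICY = "DROP"  # from "Chain INPUT (policy DROP ...)"

def parse(listing):
    """Turn listing lines into (target, in_iface, source_net, lo_port, hi_port)."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        target, iface, source, match = f[2], f[5], f[7], f[-1]
        names = match.split(":")[1:]  # dpt:http -> [http]; dpts:a:b -> [a, b]
        lo, hi = SERVICES[names[0]], SERVICES[names[-1]]
        rules.append((target, iface, ipaddress.ip_network(source), lo, hi))
    return rules

def verdict(rules, src, dport, iface="eth0"):
    """Return the target of the first rule matching a TCP packet, else the policy."""
    addr = ipaddress.ip_address(src)
    for target, in_if, net, lo, hi in rules:
        if in_if in ("any", iface) and addr in net and lo <= dport <= hi:
            return target
    return POLICY

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    out = []
    for i, (_, if_i, net_i, lo_i, hi_i) in enumerate(rules):
        for _, if_j, net_j, lo_j, hi_j in rules[:i]:
            if (if_j in ("any", if_i) and net_i.subnet_of(net_j)
                    and lo_j <= lo_i and hi_i <= hi_j):
                out.append(i)
                break
    return out

RULES = parse(LISTING)
```

Calling verdict(RULES, source, port) for each test host gives the result the real connection attempt should produce; a mismatch points to a rule in the wrong position or a missing rule.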
As well as the Red Hat Network, there are many Web sites offering useful security information. Here are just a few of them.

Red Hat Errata Web Site

Red Hat provides another Web site that you can use to check out security related fixes for the packages that you have installed. The URL for this site is http://www.redhat.com/apps/support/errata/. From this page, you can access Security Alerts, Bug Fixes and Enhancements for all currently supported releases of Red Hat Linux. There’s also a link to the Red Hat Security Resource Center, where you can subscribe to a monthly