Security (Topic 1.114)

Objective 1: Perform Security Administration Tasks

TCP wrappers

  • Configuring TCP wrappers (tcpd) using /etc/hosts.allow and /etc/hosts.deny can enhance security for daemons controlled by inetd.

  • tcpd is often configured to deny access to all systems for all services (a blanket deny); specific systems are then granted legitimate access to individual services (limited allow).

  • tcpd logs using syslog, commonly to /var/log/secure.

Finding executable SUID files

  • find can perform searches for file attributes such as SUID using the -perm option.
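
The -perm search described above is most useful as a recurring audit compared against a reviewed baseline. The script below is an added example, not taken from the book; the function names (list_setid, new_setid, demo) and the baseline file format (one full path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for set-id files against a baseline.

# list_setid DIR: regular files under DIR with SUID (4000) or SGID (2000) set.
# "-perm -MODE" matches when all bits in MODE are set; -xdev keeps find on
# one filesystem so network or removable mounts are not walked.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# new_setid DIR BASELINE: set-id files under DIR that are not listed in the
# reviewed BASELINE file. grep exits 1 when nothing is new, hence "|| true".
# Paths containing newlines are not handled by this line-based comparison.
new_setid() {
    list_setid "$1" | grep -Fxv -f "$2" || true
}

# demo: build a constructed tree and show what the audit flags.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/approved" "$d/unexpected" "$d/plain"
    chmod 4755 "$d/approved" "$d/unexpected"   # SUID set (constructed sample)
    chmod 0755 "$d/plain"                      # ordinary executable
    printf '%s\n' "$d/approved" > "$d/baseline.txt"
    new_setid "$d" "$d/baseline.txt"           # only .../unexpected is reported
    rm -rf "$d"
}

# With two arguments, audit DIR against BASELINE; otherwise run the demo.
if [ "$#" -eq 2 ]; then
    new_setid "$1" "$2"
else
    demo
fi
```

Any path the audit prints is a set-id file that has appeared since the baseline was reviewed and should be examined before it is added to the baseline.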

Verifying packages

  • RPM packages are verified using the Verify mode, enabled using the -V (capital) option.

  • The output for each package contains a string of eight characters that are set to dots when the attribute has not changed. The columns represent each of eight different attributes: MD5 checksum, file size, symlink attributes, the file's mtime, device file change, user/owner change, group change, and mode change.

SGID workgroups

  • The SGID bit can be applied to directories to enforce a policy whereby new files created within the directory are assigned the same group ownership as the directory itself.

The Secure Shell

  • The Secure Shell, or SSH, can be used as an alternative to Telnet for secure communications.

  • SSH can also protect FTP and other data streams, including X sessions.

  • The Secure Shell daemon is sshd.

Objective 2: Set Up Host Security

Shadow passwords

  • Enabling the use of shadow passwords can enhance local security by making encrypted ...
