Fermi Linux Security
We have taken the standard Red Hat releases and added or changed the following to help improve the security of systems installed with this Fermi Linux release.
Pre-installed all of the Red Hat errata rpms.
Created /etc/hosts.allow and /etc/hosts.deny to allow network access to the .fnal.gov domain only. Off-site users may need to modify these files for local access.
Some form of ssh is installed by default. This may be a patched version of ssh, or OpenSSH (OpenSSH is the only option for Fermi Linux 9.0.1 and above). Both versions are kerberized and have the latest security patches in them. More information can be found on the ssh rpms or the differences between ssh and OpenSSH.
AutoRPM or YUM has been added as default (YUM only on Fermi Linux 7.3.1 and above). When a package is upgraded we will place it in linux.fnal.gov://linux/(distribution)/i386/updates/RedHat/RPMS. AutoRPM or YUM will automatically upgrade packages when they are able. For more info on this process see the Fermi AutoRPM documentation or Fermi YUM documentation.
Kerberos is an integral piece of the Strong Authentication Project at Fermi. In the later releases (Fermi Linux 7.1.1 and above) it is installed by default. For information on installing and configuring Kerberos on Fermi Linux and rpm-based Linux systems, please see our kerberos page, or visit Fermi's Strong Authentication manual and the Strong Authentication Project.
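The /etc/hosts.allow and /etc/hosts.deny restriction described above can be checked with a small model of how TCP wrappers evaluates the two files. This is an added example, not part of the Fermi Linux distribution: the file contents are an assumed default-deny layout (the shipped files are not shown on this page), the host names and addresses are constructed, and only a subset of the hosts_access pattern syntax is handled.

```python
# Simplified model of TCP wrappers (hosts_access) evaluation order.
# Assumed file contents; the files Fermi Linux actually ships are not shown on the page.
HOSTS_ALLOW = "ALL: .fnal.gov\n"   # every wrapped service, lab domain only
HOSTS_DENY = "ALL: ALL\n"          # everything not allowed above is refused

def parse_rules(text):
    """Return [(daemon_list, client_list)] from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]   # any option field is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    """Subset of client patterns: ALL, .domain suffix, address prefix, exact."""
    p, host = pattern.lower(), host.lower()
    if p == "all":
        return True
    if p.startswith("."):                 # .fnal.gov matches x.fnal.gov only
        return len(host) > len(p) and host.endswith(p)
    if p.endswith("."):                   # e.g. 192.0.2. matches that prefix
        return addr.startswith(p)
    return p in (host, addr)

def rule_hit(rules, daemon, host, addr):
    for daemons, clients in rules:
        daemon_ok = any(d.lower() in ("all", daemon.lower()) for d in daemons)
        if daemon_ok and any(client_matches(c, host, addr) for c in clients):
            return True
    return False

def access_allowed(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if rule_hit(parse_rules(allow), daemon, host, addr):
        return True
    if rule_hit(parse_rules(deny), daemon, host, addr):
        return False
    return True

if __name__ == "__main__":
    # Constructed clients: one on site, one off site.
    for host, addr in [("node1.fnal.gov", "192.0.2.10"),
                       ("laptop.example.org", "198.51.100.7")]:
        verdict = "allow" if access_allowed("sshd", host, addr) else "deny"
        print(f"sshd from {host} ({addr}): {verdict}")
```

An off-site installation would add its own entry to hosts.allow (for example a line scoped to a single daemon and its own domain) rather than removing the deny rule; with an empty hosts.deny the wrapper falls through to allow.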
Send mail to us at:
E-mail alias:
csi-group@fnal.gov
Last modified: Mar. 18, 2004