openSUSE 11.4 security settings
Since doing my first reviews of openSUSE 11.4 I have become a big fan. Not only is it one of the most stable and reliable distributions to date, it also offers KDE 4.6, LibreOffice, and a whole slew of other features that should appeal to most Linux users. And openSUSE can be used by nearly any experience level. Although not perfectly suited for new users (the Add/Remove Software tool being one of the only shortcomings), even Linux gurus can enjoy this fantastic release.
One of the features the more advanced user will appreciate is the Security settings available in YaST2. The amount of detail given to security in this release is stunning...but not necessarily built for the new user. I want to highlight the openSUSE security settings so you can see for yourself just how granular you can be with openSUSE security.
Where to find security?
By default, of the security settings you are about to see are installed in openSUSE 11.4. In order to open up the Security Settings window click on Start > Computer > Administrator Settings (YaST). Once in YaST click on the Security and Users section (see Figure 1).
From there you will find a few security features to configure:
- Firewall: Configure your firewall on your system.
- Security Center and Hardening: Configure numerous security settings.
- Sudo: Graphic interface for managing sudo.
I want to concentrate on the Security Center in YaST. Click on that entry in the Security and Users section and a new window will open.
Security and Hardening
From within the Security and Hardening window (see Figure 2) you will have numerous settings available to you. In the security overview you get a good idea of what is enabled/disabled on your system. From that same section you can enable, disable, or configure those options. Some of the more handy options are:
Remote access to the display manager: Allow remote access to KDM.
Remote access to X server: Enable remote access to X windows.
Use secure file permissions: You can set your file permissions from three different levels (easy, secure, paranoid).
Another section in this window that is of great interest is pre-defined security settings. From here you can select from four different settings:
- Home Workstation
- Networked Workstation
- Network Server
If you do not want to monkey around with too many of the security settings, I highly recommend you select one of the first three options here.
If you look at the Password section you will be surprised to find you can actually configure password checks as well as password expiration. If you have multiple users on your system, and you want to make sure your users are setting solid passwords, make sure you configure these sections. Here you can set the following:
- Minimum password length.
- Number of passwords to remember.
- Password encryption method.
- Password age (min and max).
- Days before Password Expires Warning.
Finally, you should take a look at the login section. Here you can set the amount of incorrect login attempts that can occur before a delay is forced. You can also enable/disable remote graphical login.
Although openSUSE is not generally consider among the most secure Linux distributions, if administered properly it can easily stand toe to toe with any distribution available. And having the YaST security options readily available makes configuring openSUSE security a simple endeavor.