Active vs. Passive Approaches

Security approaches can always be broken down into two different types: active or passive. An active approach to security covers all actions designed to prevent a breach of your system's security model. A passive approach to security refers to the actions taken to monitor the security of your system based on that security model.

All users should employ both active and passive approaches to security. Each of these approaches strengthens the other. The fact that you know from server logs that a particular user is trying to crack your security (passive approach to security) may lead you to install an application to block them from even getting a login prompt in the first place (active approach to security). Likewise, the fact that you are not using shadow passwords to protect your system (active) may lead you to watch vigorously for changes to key files on your system using a tool such as Tripwire (passive). (For more information on Tripwire, please see Chapter 10.)
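The following is an added example, not part of the original guide, showing how a passive finding from server logs can feed an active control. It assumes sshd-style syslog lines and a system that honors /etc/hosts.deny (TCP wrappers); the log lines, addresses, threshold and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in sshd syslog style (not taken from a real system).
SAMPLE_LOG = """\
Mar  3 02:11:07 host sshd[1201]: Failed password for root from 192.0.2.15 port 40022 ssh2
Mar  3 02:11:09 host sshd[1201]: Failed password for invalid user admin from 192.0.2.15 port 40022 ssh2
Mar  3 02:11:12 host sshd[1203]: Failed password for root from 192.0.2.15 port 40031 ssh2
Mar  3 02:11:15 host sshd[1205]: Failed password for invalid user oracle from 192.0.2.15 port 40040 ssh2
Mar  3 08:30:01 host sshd[1410]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 08:30:09 host sshd[1410]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 09:02:44 host sshd[1502]: Failed password for bob from 203.0.113.9 port 33810 ssh2
Mar  3 09:02:47 host sshd[1502]: Failed password for bob from 203.0.113.9 port 33810 ssh2
Mar  3 09:02:51 host sshd[1504]: Failed password for bob from 203.0.113.9 port 33822 ssh2
Mar  3 09:02:58 host sshd[1506]: Accepted password for bob from 203.0.113.9 port 33830 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+")

def summarize(log_text):
    """Passive step: tally failed logins per source and note a later success."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "login_after_failures": False})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        outcome, user, src = m.groups()
        if outcome == "Failed":
            stats[src]["failed"] += 1
            stats[src]["users"].add(user)
        elif src in stats and stats[src]["failed"] > 0:
            stats[src]["login_after_failures"] = True
    return stats

def deny_candidates(stats, threshold=3):
    """Sources with enough failures to justify an active block."""
    return sorted(src for src, s in stats.items() if s["failed"] >= threshold)

def needs_investigation(stats, threshold=3):
    """Sources that crossed the threshold and then logged in: blocking is not enough."""
    return [src for src in deny_candidates(stats, threshold)
            if stats[src]["login_after_failures"]]

def hosts_deny_lines(sources):
    """Active step: entries for an administrator to review before adding to hosts.deny."""
    return [f"sshd: {src}" for src in sources]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("\n".join(hosts_deny_lines(deny_candidates(report))))
    print("investigate:", needs_investigation(report))
```

A single mistyped password (the 198.51.100.7 source) stays below the threshold, while a source that succeeds after repeated failures is reported separately because the account itself may need attention.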

Red Hat Linux includes a variety of tools that will help you implement both approaches to security. But the proper use of methods with each approach is crucial to prevent an over-dependence on tools to protect your system.

Tools and Methods for an Active Approach to Security

The vast majority of security tools for Red Hat Linux work to actively protect your system. Here are a few of the most common and useful open source tools:

Methods that support an active approach to security include the following:

Tools and Methods for a Passive Approach to Security

While most security tools for Red Hat Linux are designed for an active approach to security, there are a few tools that can make passive security much less of an administrative burden:

Methods that support a passive approach to security include the following: