== Want to install telnet? ==

A telnet server is not recommended for security reasons: all traffic is sent as plain text over TCP/IP.

 # yum install telnet telnet-server -y

How about the telnet client? It is not installed by default.

 # yum install telnet -y

The package is telnet.i686.

== SELinux ==

SELinux users and roles are not related to the actual system users and roles.

All processes and files have an SELinux security context. The -Z switch works with most utilities to show SELinux security contexts (e.g. 'ls -Z', 'ps axZ').

 _u   user   system_u
 _r   role   object_r
 _t   type   httpd_sys_content_t

 User:  system_u
 Role:  object_r
 Type:  httpd_sys_content_t
 Level: s0

To manage directory and file SELinux contexts, ensure that the semanage software is installed.

 # setenforce 0    turn off SELinux enforcement
 # setenforce 1    enable

With setenforce 0, SELinux is not actively restrictive; however, it still monitors and reports file system violations. Use this mode for diagnostics.

== OPENSSL Certificate ==

SSL certificates are valid for a certain period of time, usually 365 days. They must be renewed once expired.

Validate a certificate by issuing the following command:

 # openssl verify my-cert.pem
 my-cert.pem: OK

Expired:

 # openssl verify my-cert.pem
 error 10 at 0 depth lookup:certificate has expired
 OK

Renewal of an expired certificate consists of two steps: revoke the old one, then sign the certificate request.

== Limiting Access to TCP-wrapped Services ==

To determine if a client machine is allowed to connect to a service, TCP wrappers reference the following two files, which are commonly referred to as hosts access files:

 /etc/hosts.allow
 /etc/hosts.deny

Changes to hosts.allow or hosts.deny take effect immediately without restarting network services. Both /etc/hosts.allow and /etc/hosts.deny use the following format:

 daemon_list : client_list [ : shell_command ]

daemon_list is a comma-separated list of process names (not service names) or the ALL wildcard.
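
The following is an added example, not part of the original page: a small Python evaluator for rules in the daemon_list : client_list format above, useful for checking what a pair of hosts access files would decide before deploying them. It applies the standard TCP wrappers order (hosts.allow first, then hosts.deny, access granted if neither matches). The sample rules and all function names are constructed for illustration, and only a subset of client patterns is handled (ALL, .domain suffix, IPv4 prefix, network/netmask, exact match; no EXCEPT, LOCAL, IPv6 or line continuation).

```python
import ipaddress

# Constructed sample rules (not from the page), in the page's
# "daemon_list : client_list [ : shell_command ]" format.
HOSTS_ALLOW = "sshd : 192.168.1. , .example.com\nvsftpd : 10.0.0.0/255.255.255.0\n"
HOSTS_DENY = "ALL : ALL\n"

def parse_rules(text):
    """Parse hosts access text into (daemons, clients, shell_command) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) < 2:
            continue  # malformed line: no client_list
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, fields[2] if len(fields) == 3 else None))
    return rules

def client_matches(pattern, ip, hostname):
    """Subset of client patterns: ALL, .domain, IP prefix, net/mask, exact."""
    host = (hostname or "").lower()
    pattern = pattern.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):   # domain suffix, e.g. .example.com
        return host.endswith(pattern)
    if pattern.endswith("."):     # IPv4 prefix, e.g. 192.168.1.
        return ip.startswith(pattern)
    if "/" in pattern:            # network/netmask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (ip, host)

def matches_any(rules, daemon, ip, hostname):
    """True if any rule names the daemon (or ALL) and matches the client."""
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, ip, hostname) for c in clients)
        for daemons, clients, _cmd in rules
    )

def is_allowed(daemon, ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if matches_any(parse_rules(allow), daemon, ip, hostname):
        return True
    return not matches_any(parse_rules(deny), daemon, ip, hostname)
```

Calling is_allowed with deny="" shows why an empty hosts.deny leaves every unmatched client allowed.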