25.2. An Overview of Security-Related Packages
To enable the secure server, you must have the following packages installed at a minimum:
httpd
- The `httpd` package contains the `httpd` daemon and related utilities, configuration files, icons, Apache HTTP Server modules, man pages, and other files used by the Apache HTTP Server.

mod_ssl
- The `mod_ssl` package includes the `mod_ssl` module, which provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

openssl
- The `openssl` package contains the OpenSSL toolkit. The OpenSSL toolkit implements the SSL and TLS protocols, and also includes a general purpose cryptography library.

Additionally, other software packages provide certain security functionalities (but are not required by the secure server to function):
httpd-devel
- The `httpd-devel` package contains the Apache HTTP Server include files, header files, and the APXS utility. You need all of these if you intend to load any extra modules, other than the modules provided with this product. Refer to the Reference Guide for more information on loading modules onto your secure server using Apache's dynamic shared object (DSO) functionality.

  If you do not intend to load other modules onto your Apache HTTP Server, you do not need to install this package.

OpenSSH packages
- The OpenSSH packages provide the OpenSSH set of network connectivity tools for logging into and executing commands on a remote machine. OpenSSH tools encrypt all traffic (including passwords), so you can avoid eavesdropping, connection hijacking, and other attacks on the communications between your machine and the remote machine.

  The `openssh` package includes core files needed by both the OpenSSH client programs and the OpenSSH server. The `openssh` package also contains `scp`, a secure replacement for `rcp` (for securely copying files between machines).

  The `openssh-askpass` package supports the display of a dialog window which prompts for a password during use of the OpenSSH agent.

  The `openssh-askpass-gnome` package can be used in conjunction with the GNOME desktop environment to display a graphical dialog window when OpenSSH programs prompt for a password. If you are running GNOME and using OpenSSH utilities, you should install this package.

  The `openssh-server` package contains the `sshd` secure shell daemon and related files. The secure shell daemon is the server side of the OpenSSH suite and must be installed on your host to allow SSH clients to connect to your host.

  The `openssh-clients` package contains the client programs needed to make encrypted connections to SSH servers, including the following: `ssh`, a secure replacement for `rsh`; `sftp`, a secure replacement for `ftp` (for transferring files between machines); and `slogin`, a secure replacement for `rlogin` (for remote login) and `telnet` (for communicating with another host via the Telnet protocol).

  For more information about OpenSSH, see Chapter 20, OpenSSH, the Reference Guide, and the OpenSSH website at http://www.openssh.com/.

openssl-devel
- The `openssl-devel` package contains the static libraries and the include file needed to compile applications with support for various cryptographic algorithms and protocols. You need to install this package only if you are developing applications which include SSL support — you do not need this package to use SSL.

stunnel
- The `stunnel` package provides the Stunnel SSL wrapper. Stunnel supports the SSL encryption of TCP connections. It provides encryption for non-SSL aware daemons and protocols (such as POP, IMAP, and LDAP) without requiring any changes to the daemon's code.

  Note

  Newer implementations of various daemons now provide their services natively over SSL, such as `dovecot` or OpenLDAP's `slapd` server, which may be more desirable than using `stunnel`.

  For example, use of `stunnel` only provides wrapping of protocols, while the native support in OpenLDAP's `slapd` can also handle in-band upgrades for using encryption in response to a `StartTLS` client request.

Table 25.1, “Security Packages” displays a summary of the secure server packages and whether each package is optional for the installation of a secure server.
Package Name | Optional? |
---|---|
httpd | no |
mod_ssl | no |
openssl | no |
httpd-devel | yes |
openssh | yes |
openssh-askpass | yes |
openssh-askpass-gnome | yes |
openssh-clients | yes |
openssh-server | yes |
openssl-devel | yes |
stunnel | yes |
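
An added example (not part of the original guide): a small shell check that audits an RPM-based host against Table 25.1, failing if any required package is missing and listing which optional ones are present. The function names (`pkg_installed`, `missing_required`, `installed_optional`, `audit_secure_server`) are hypothetical; the only external command used is `rpm -q`.

```shell
#!/bin/sh
# Added example: audit installed packages against Table 25.1.
# Package lists are copied from the table; function names are hypothetical.

REQUIRED_PKGS="httpd mod_ssl openssl"
OPTIONAL_PKGS="httpd-devel openssh openssh-askpass openssh-askpass-gnome openssh-clients openssh-server openssl-devel stunnel"

# Succeeds if the named package is installed.
# `rpm -q` exits non-zero when the package is not in the RPM database.
pkg_installed() {
    rpm -q "$1" >/dev/null 2>&1
}

# Print the required packages that are NOT installed, space-separated.
missing_required() {
    missing=""
    for pkg in $REQUIRED_PKGS; do
        pkg_installed "$pkg" || missing="${missing:+$missing }$pkg"
    done
    printf '%s' "$missing"
}

# Print the optional packages that ARE installed, space-separated.
# Useful for spotting services (e.g. openssh-server, stunnel) that
# widen the host's exposure beyond the secure web server itself.
installed_optional() {
    present=""
    for pkg in $OPTIONAL_PKGS; do
        if pkg_installed "$pkg"; then
            present="${present:+$present }$pkg"
        fi
    done
    printf '%s' "$present"
}

# Report both lists; return 1 if any required package is missing.
audit_secure_server() {
    missing=$(missing_required)
    present=$(installed_optional)
    echo "Optional packages installed: ${present:-none}"
    if [ -n "$missing" ]; then
        echo "Missing required packages: $missing" >&2
        return 1
    fi
    echo "All required secure server packages are installed."
}
```

Source the file and call `audit_secure_server`; its exit status is suitable for use in a provisioning or compliance check.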